Now that we have seen that it is possible to get remote code execution if the encryptionKey is known, we are able to say that it is possible to convert any File Read vulnerabilities to RCE. That’s why I advise you when auditing an application using Typo3 to read the source code of the plugins. If one of them is vulnerable to a File Read you will be able to transform it into an RCE.

If I became interested in obtaining an RCE on Typo3 it’s because I was wondering if it was possible to increase the impact of the exploit discovered by CrashBandicot and @dosperl (Typo3 Restler Extension - Local File Disclosure) in 2017.


PS: I was a little absent and haven’t posted much recently so I’ll try to get back to you with some cool stuff. The next article will present an easy way to get an RCE on Bolt CMS .

See you for the next post :)

Coiffeur