module
TYPO3 Winstaller Default Encryption Keys
| Disclosed | Created |
|---|---|
| N/A | May 30, 2018 |
Disclosed
N/A
Created
May 30, 2018
Description
This module exploits known default encryption keys found in the TYPO3 Winstaller.
This flaw allows for file disclosure in the jumpUrl mechanism. This issue can be
used to read any file that the web server user account has access to view.
The method used to create the juhash (short MD5 hash) was altered in later versions
of Typo3. Use the show actions command to display and select the version of TYPO3 in
use (defaults to the older method of juhash creation).
This flaw allows for file disclosure in the jumpUrl mechanism. This issue can be
used to read any file that the web server user account has access to view.
The method used to create the juhash (short MD5 hash) was altered in later versions
of Typo3. Use the show actions command to display and select the version of TYPO3 in
use (defaults to the older method of juhash creation).
Author
Chris John Riley
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.