CVE-2009-0255
Severity: HIGH
TYPO3 4.0.0-4.0.9, 4.1.0-4.1.7, 4.2.0-4.2.3 - Use of Insufficiently Random Values in System Extension Install Tool
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-0255.
PoCs published by Chris John Riley, including Metasploit module auxiliary/admin/http/typo3_sa_2009_001.
AI-analyzed exploit summary: This Metasploit module exploits a weak encryption key flaw in TYPO3's jumpUrl mechanism to disclose arbitrary files accessible to the web server user. It brute-forces encryption keys and bypasses security filters using null byte padding.
Description
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
References (6)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N