Hacking (insecure) TYPO3 v9 site during TYPO3 Developer Days 2019 (T3DD19). Demonstrating impact of Cross-Site Scripting, compromised HMAC signing using (disclosed) encryption key via Insecure Deserialization as well as SQL Injection via insecure TypoScript.