# cmsmini

## Interesting Path

```
# login page
/admin/login.php
```

## Default Credentials

```
admin:password
```

## File Upload (authenticated)

```
https://www.exploit-db.com/exploits/28128
# Uploading image browse in form, selecting .php
# changing Content-Type (in POST data) application/x-php to application/octet-stream
# file is uploaded at /pages/.php
```