October CMS
Credentials
# default
admin:admin
# others
october:passwd
Version Detection
- Doesn’t disclose its version
Interesting URL Paths
# admin portal
/backend/backend/auth/signin
# media uploads directory - you can put reverse shell here
/storage/app/media/
Interesting Files and Directories
# credentials
config/database.php
Credentials
- You can register a user without email verification
Plugins
# account management
RainLab.User
Some Exploits and Vulnerabilities
- File upload - bypass by using .php5 extension
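For the defending side, an added example (not code from October CMS or from this page): it contrasts a deny-list extension check, which lets .php5 through, with an allow-list check, and audits a media directory such as /storage/app/media/ for files a PHP handler could execute. The deny-list is an assumed model of the bypassed filter, and the extension sets and sample file names are constructed.

```python
import os
import tempfile

# Assumption: extensions a PHP-enabled web server may hand to the interpreter.
# Match this set to the FilesMatch/AddHandler rules of the server being audited.
PHP_HANDLED = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"}
# Hypothetical allow-list for a media library; not October CMS's own list.
ALLOWED_MEDIA = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}


def extension_parts(filename):
    """Lower-cased dot-separated parts after the base name, minus trailing dots/spaces."""
    name = filename.strip().rstrip(". ").lower()
    return [p for p in name.split(".")[1:] if p]


def blocklist_accepts(filename, blocked=("php",)):
    """Weak check: reject only when the final extension is on a short deny-list."""
    parts = extension_parts(filename)
    return not parts or parts[-1] not in blocked


def allowlist_accepts(filename):
    """Strict check: exactly one extension, and it must be an allowed media type."""
    parts = extension_parts(filename)
    return len(parts) == 1 and parts[0] in ALLOWED_MEDIA


def audit_media_dir(root):
    """Return sorted relative paths under root with any PHP-handled extension part."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if PHP_HANDLED.intersection(extension_parts(f)):
                rel = os.path.relpath(os.path.join(dirpath, f), root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "uploads"))
        for name in ("logo.png", "notes.txt", "uploads/report.PHP5", "uploads/pic.php.jpg"):
            open(os.path.join(root, name), "w").close()
        return audit_media_dir(root)


if __name__ == "__main__":
    print(demo())
```

Serving the media directory with script execution disabled removes the impact even when a file slips past the upload check.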
References
- HTB October