October CMS

php, enum, cms

Credentials #

# default
admin:admin

# others
october:passwd

Version Detection #

Interesting URL Paths #

# admin portal
/backend/backend/auth/signin

# media uploads directory - you can put reverse shell here
/storage/app/media/

Interesting Files and Directories #

# credentials
config/database.php

Credentials #

Plugins #

# account management
RainLab.User

Some Exploits and Vulnerabilities #

References #