This one had me going for a bit, but if you name a controller the same as a file that is in the “webroot” folder, and try to navigate to it, cake will just show you a listing of all the files in the same named directory.

As an example, the “files” folder comes with the cakephp installation right?

Not knowing that, I tried to build a files controller and navigate to it.

but it takes me instead to

 
and here’s the listing of files

I’m thinking that this could actually be used against you as a vulnerability, so keep that in mind too.