OWASP Mantra - http://www.getmantra.com/
One File CMS - http://onefilecms.com/
Vulnerable script - http://www.exploit-db.com/wp-content/themes/exploit/applications/f04de7d2941d453eb9e1413bc5a2cc61-onefilecms.txt
Default username: username and password: password
UWAMP - http://www.uwamp.com/
No-Redirect Firefox add-on - http://code.kliu.org/noredirect/
Vettila Music - http:://music.vettila.com/
1337day - http://1337day.com/exploits/17687
PacketStormSecurity - http://packetstormsecurity.org/files/110715/OneFileCMS-1.1.4-Access-Bypass.html
Exploit-DB - http://www.exploit-db.com/exploits/18632/
Secunia - http://secunia.com/advisories/48350