Google dork:

"guest @ bytehoard"

Log into bytehoard using a non-privileged user.
Perform any desired actions, then log out.
Click on the "Lost Details" link.
Input the username of the account you want to access ("admin" to get
administrator access) and submit the data.
The system will return either an error message or a "mail sent" message.
Ignore that message and go directly to the index.php page (easily
reached by erasing the "?page=passreset" part of the URL).
You should now have access to the desired account.

Administrator account is: admin

Log in as a bytehoard administrator.
Click the "Upload files" link.
Change the upload directory to an arbitrary path (by pushing the change
button and selecting another directory).
Edit the "infolder" GET parameter to ".." and go to the resulting URL.
The resulting page should read "Uploading to: .." to the left of the
change button.
Select a PHP file with a shell, exploit or action to be run in one of
the upload slots and upload the file.
There should be an error trying to stat the uploaded file, but bytehoard
should continue the upload process.
The file has been deposited in the filestorage's parent directory and
will be executed if called.
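
For defenders reviewing web server logs, the following added example (not part of the original advisory and not bytehoard code) flags requests whose "infolder" parameter resolves to a ".." path segment, including URL-encoded and double-encoded forms. The access-log format, client addresses and request layout in the sample are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache combined-log style (not from a real server).
# The request layout (/index.php?infolder=...) is an assumption for illustration.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?infolder=docs HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?infolder=.. HTTP/1.1" 200 5200
203.0.113.4 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?infolder=%2e%2e%2f HTTP/1.1" 200 5200
203.0.113.4 - - [01/Jan/2024:10:02:30 +0000] "GET /index.php?infolder=%252e%252e HTTP/1.1" 200 5200
192.0.2.10 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php?infolder=my..notes HTTP/1.1" 200 5100
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def is_traversal(value, max_decodes=3):
    """True if value has a '..' path segment, also after repeated URL-decoding."""
    for _ in range(max_decodes + 1):
        if ".." in re.split(r"[\\/]", value):
            return True
        decoded = unquote(value)
        if decoded == value:      # nothing left to decode
            return False
        value = decoded
    return False

def find_traversal(log_text):
    """Return (client, infolder value) for every request with a traversal value."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in params.get("infolder", []):   # parse_qs decodes once
            if is_traversal(value):
                hits.append((client, value))
    return hits

if __name__ == "__main__":
    for client, value in find_traversal(SAMPLE_LOG):
        print(f"traversal in infolder from {client}: {value!r}")
```

A name such as "my..notes" is not flagged because only a whole ".." path segment counts as traversal.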