This is a writeup describing an arbitrary file upload vulnerability in Duhok Forum, allowing attackers to upload malicious files (e.g., shell.css) via /admin/up_style.php or /idara/up_style.php. The exploit requires tampering with HTTP requests to bypass restrictions.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:Duhok Forum (all versions)
Auth required
Prerequisites:Access to admin or idara upload endpoints · Ability to intercept/modify HTTP requests (e.g., Tamper Data)