==============================================
Duhok Forum Remot upload Vulnerability
==============================================
 
####################################################################
# Exploit Title: Duhok Forum Remot upload Shell Vulnerability
# Date: 30-11-2010
# Author: BrOx-Dz
# email : E.dz@hotmail.fr
# Software Link: http://www.duhoktimes.com/df/
# Version: all version
# Tested on: windows xp pack 3 linux ubuntu 10
# home  : algerie // Free  Gaza//
  
####################################################################
 
===[  Vulnerable File ]===
 
/admin/up_xml.php
/admin/up_style.php
/idara/up_xml.php
/idara/up_style.php
  
===[ Exploit ]===
 
1- go www.site.com/patch/admin/up_style.php or www.site.com/patch/idara/up_style.php
 
2- upload shell "shell.css" and use tamper data
 
3- and go www.site.com/patch/slyle/style_shell.php
 
 
 .. enjoy --
  
####################################################################
 
greetz : kader11000 lagripe-dz  mca_crb NetCat-Dz    all dz members
 
www.h4kz.net   www.v4-team.com   www.vbspiders.com  www.dz4all.com/cc