ClipBucket beats_uploader Unauthenticated Arbitrary File Upload

Posted by deepcore on March 28, 2018 – 3:13 am

This Metasploit module exploits a vulnerability found in ClipBucket versions before 4.0.0 (Release 4902). A malicious file can be uploaded using an unauthenticated arbitrary file upload vulnerability. It is possible for an attacker to upload a malicious script to issue operating system commands. This issue is caused by improper session handling in /action/beats_uploader.php file. This Metasploit module was tested on ClipBucket before 4.0.0 – Release 4902 on Windows 7 and Kali Linux.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Weblication CMS Core And Grid 12.6.24 Cross Site Scripting Acrolinx Server Directory Traversal »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

ClipBucket beats_uploader Unauthenticated Arbitrary File Upload

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL