This exploit demonstrates a time-based SQL injection vulnerability in ClipBucket 2.8 via the 'id' parameter in the 'rating' mode of ajax.php. The PoC uses a CASE statement with SLEEP to confirm the vulnerability.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:ClipBucket 2.8.v3354
No auth needed
Prerequisites:Access to the target's ajax.php endpoint