The exploit demonstrates multiple vulnerabilities in ClipBucket 2.8.3, including blind SQL injection via the 'cid' parameter in 'view_collection.php', arbitrary file read/write via 'template_editor.php' (requiring admin access), and a default weak admin password. The PoC includes specific URLs and parameters to exploit these issues.
Classification
Working PoC 90%
Attack Type
SQLi | Info Leak | Auth Bypass
Target:
ClipBucket 2.8.3
Auth required
Prerequisites:
Access to the target application · Admin privileges for arbitrary file read/write