This exploit targets a file upload vulnerability in ClipBucket 2.8.3, allowing remote code execution by injecting commands into the filename parameter during upload. The script then retrieves the command output from a log file.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:ClipBucket 2.8.3
No auth needed
Prerequisites:A writable upload directory · A tiny image file named 'temp.jpg'