Home / os / winmobile

ClipBucket beats_uploader Unauthenticated Arbitrary File Upload

Posted on 27 March 2018

This Metasploit module exploits a vulnerability found in ClipBucket versions before 4.0.0 (Release 4902). A malicious file can be uploaded using an unauthenticated arbitrary file upload vulnerability. It is possible for an attacker to upload a malicious script to issue operating system commands. This issue is caused by improper session handling in /action/beats_uploader.php file. This Metasploit module was tested on ClipBucket before 4.0.0 - Release 4902 on Windows 7 and Kali Linux.

 

TOP