ClipBucket 2.0.6 XSS vulnerability

I believe I have found a vulnerability in ClipBucket 2.0.6 (haven’t tested with prior versions).

ClipBucket is an open source and free script that will let you start your own Video Sharing (YouTube Clone) website in a matter of minutes. ClipBucket is the fastest growing script with the most video sharing websites and social networking features.
Current version: 2.0.6

Summary:
The script that handles the search feature does not sanitize user input properly, making XSS attacks possible.

Proof of Concept:

Use the search box of your ClipBucket 2.0.6 installation and enter:

 <script>alert(document.cookie);</script>

This will produce an alert with the contents of your cookie.

Problem:
$search->key in search_result.php (line 18) is being directly assigned to the title of the search page without sanitizing its value first.

$search->key = $_GET['query'];

Workaround:
Open file search_result.php. Go to line 39:

Replace this:

Assign('search_type_title',sprintf(lang('searching_keyword_in_obj'),$search->key,$search->search_type[$type]['title']));

With this:

Assign('search_type_title',sprintf(lang('searching_keyword_in_obj'),htmlentities($search->key),$search->search_type[$type]['title']));

The ClipBucket team was already notified and the bug was corrected. Either apply this patch or upgrade to version 2.0.7.
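
The effect of the workaround on the page title, as an added example that is not part of the original post or of ClipBucket's code (written for PHP 7 or later). The format string, the function names and the sample queries are constructed for illustration, and the `ENT_QUOTES | ENT_SUBSTITUTE` flags with an explicit UTF-8 charset are an assumption that goes beyond the one-argument `htmlentities()` call in the workaround.

```php
<?php
// Added example, not ClipBucket code. The format string is constructed and
// stands in for the real 'searching_keyword_in_obj' language entry.
const TITLE_FORMAT = 'Searching for %s in %s';

// Mirrors the original line 39: the raw query goes straight into the title.
function title_unescaped(string $key, string $typeTitle): string
{
    return sprintf(TITLE_FORMAT, $key, $typeTitle);
}

// Mirrors the workaround: the query is HTML-encoded before formatting.
// The flags and charset are assumptions added here (UTF-8 pages):
// ENT_QUOTES also encodes ', ENT_SUBSTITUTE keeps invalid UTF-8 from
// turning the whole string into ''.
function title_escaped(string $key, string $typeTitle): string
{
    $safe = htmlentities($key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf(TITLE_FORMAT, $safe, $typeTitle);
}

// True if the string still holds characters a browser treats as markup.
function has_markup_chars(string $html): bool
{
    return strpbrk($html, "<>\"'") !== false;
}

// Constructed sample queries: the PoC from the post, a legitimate query
// with quotes and an ampersand, and a query with an invalid UTF-8 byte.
$queries = [
    '<script>alert(document.cookie);</script>',
    'Tom & "Jerry\'s" videos',
    "caf\xE9 tour",
];

foreach ($queries as $q) {
    $raw  = title_unescaped($q, 'Videos');
    $safe = title_escaped($q, 'Videos');
    printf("raw : %s\n  markup chars: %s\n", $raw, has_markup_chars($raw) ? 'yes' : 'no');
    printf("safe: %s\n  markup chars: %s\n\n", $safe, has_markup_chars($safe) ? 'yes' : 'no');
}
```

The escaped title never contains `<`, `>` or a raw quote, while a legitimate query with quotes and an ampersand still displays as typed once the browser decodes the entities.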
