CVE-2019-16113 PoC — Bludit 路径遍历漏洞

Source

https://github.com/hg8/CVE-2019-16113-PoC

Associated Vulnerability

Title:Bludit 路径遍历漏洞 (CVE-2019-16113)
Description:Bludit是一套开源的轻量级博客内容管理系统（CMS）。 Bludit 3.9.2版本中存在路径遍历漏洞。远程攻击者可借助bl-kernel/ajax/upload-images.php文件利用该漏洞执行代码。

Description

Bludit >= 3.9.2 - Authenticated RCE (CVE-2019-16113)

Readme

# CVE-2019-16113 PoC

Bludit >= 3.9.2 Remote Code Execution Vulnerability via "Upload function".

Simple Python PoC.

Discovery by [@christasa](https://github.com/christasa): https://github.com/bludit/bludit/issues/1081

## Usage

Edit the script with your URL, username, password and command to execute then run the script:

```bash
$ python CVE-2019-16113.py
[+] Loggin successful.
[+] Token CSRF: 20b903ffe72490f004b9255521ea2e0419e73dce
[+] Shell upload succesful.
[+] .htaccess upload succesful.
[+] Command execution successful.
```

## Requirements

- Python 3
- requests (`pip install requests`)

File Snapshot


 [4.0K]  /data/pocs/d9974bf32aeabaea4ccec14c3fe581553d6c8c79
├── [2.1K]  CVE-2019-16113.py
└── [ 604]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!