CVE-2019-17240 PoC — Bludit 安全漏洞

Source

https://github.com/LucaReggiannini/Bludit-3-9-2-bb

Associated Vulnerability

Title:Bludit 安全漏洞 (CVE-2019-17240)
Description:Bludit是一套开源的轻量级博客内容管理系统（CMS）。 Bludit 3.9.2版本中的bl-kernel/security.class.php文件存在安全漏洞。攻击者通过使用多个伪造的X-Forwarded-For或Client-IP HTTP标头利用该漏洞绕过保护机制。

Description

Bludit 3.9.2 - bruteforce bypass - CVE-2019-17240

Readme

# Bludit-3-9-2-bb
Bludit 3.9.2 - bruteforce bypass - CVE-2019-17240
\
\
Very simple script based on CVE-2019-17240.
\
Original POC and explanation: https://github.com/bludit/bludit/pull/1090.  
  
  
```
usage: python ./bludit-3-9-2-bb.py -l 'http://sitename.com/admin/login' -u ./usernames_file_list.txt -p ./passwords_file_list.txt

-l : login page (example: http://192.168.1.50/admin/login)
-u : file with usernames list (one by line)
-p : file with passwords list (one by line)
-h : help (optional)
-v : verbose (optional, show all tested 'username:password')
```

File Snapshot


 [4.0K]  /data/pocs/e92bfb3ed7d15712568c404f19ccc0e37a9ebc2c
├── [2.5K]  bludit-3-9-2-bb.py
└── [ 570]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!