Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-17240 PoC — Bludit 安全漏洞

Source
https://github.com/LucaReggiannini/Bludit-3-9-2-bb
Associated Vulnerability
Title:Bludit 安全漏洞 (CVE-2019-17240)
Description:bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
Description
Bludit 3.9.2 - bruteforce bypass - CVE-2019-17240
Readme
# Bludit-3-9-2-bb
Bludit 3.9.2 - bruteforce bypass - CVE-2019-17240
\
\
Very simple script based on CVE-2019-17240.
\
Original POC and explanation: https://github.com/bludit/bludit/pull/1090.  
  
  
```
usage: python ./bludit-3-9-2-bb.py -l 'http://sitename.com/admin/login' -u ./usernames_file_list.txt -p ./passwords_file_list.txt

-l : login page (example: http://192.168.1.50/admin/login)
-u : file with usernames list (one by line)
-p : file with passwords list (one by line)
-h : help (optional)
-v : verbose (optional, show all tested 'username:password')
```
File Snapshot

 [4.0K]  /data/pocs/e92bfb3ed7d15712568c404f19ccc0e37a9ebc2c
├── [2.5K]  bludit-3-9-2-bb.py
└── [ 570]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →