POC details: 28247e8eccc502a0831ba45a86fb4306afcd1869

Source
Related vulnerability
Title: Bludit security vulnerability (CVE-2019-17240)
Description: Bludit is an open-source lightweight blog content management system (CMS). The file bl-kernel/security.class.php in Bludit 3.9.2 contains a security vulnerability. An attacker can exploit it to bypass a protection mechanism by sending multiple forged X-Forwarded-For or Client-IP HTTP headers.
Description
Bludit 3.9.2 - Auth Bruteforce Bypass CVE-2019-17240, refurbished in Bash
Introduction

# Bludit Bruteforce Mitigation Bypass Script

## Overview
This script is a refurbished Bash implementation of an exploit targeting the Bludit CMS version <= 3.9.2. It leverages a vulnerability (CVE-2019-17240) that allows brute-forcing passwords by bypassing the CSRF token-based protection. 

The original Python script was written by **ColdFusionX (Mayank Deshmukh)** and is adapted here for Bash users with enhanced usability and progress tracking.

## Vulnerability Details
- **Discoverer**: Rastating
- **CVE**: [CVE-2019-17240](https://nvd.nist.gov/vuln/detail/CVE-2019-17240)
- **References**: 
  - [Bludit Brute Force Mitigation Bypass](https://rastating.github.io/bludit-brute-force-mitigation-bypass/)
  - [Patch Details](https://github.com/bludit/bludit/pull/1090)
- **Description**: The issue lies in how CSRF tokens are generated and validated in the login process, enabling attackers to brute-force credentials while bypassing mitigation mechanisms.
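The CVE description at the top of this page attributes the bypass to forged X-Forwarded-For / Client-IP headers. The following Python model is an added example, not code from the Bludit project, from the referenced patch, or from this script: it contrasts a failed-login counter keyed on a client-supplied forwarding header with one keyed on the real peer address, and adds a small log-side detector for the header-rotation pattern. The lockout threshold, the addresses and the request records are constructed assumptions.

```python
"""Added example: why keying a login throttle on X-Forwarded-For fails,
and how a defender keys it on the transport-level peer instead."""
from collections import defaultdict
from dataclasses import dataclass

MAX_FAILURES = 5  # assumed lockout threshold (not taken from Bludit)


@dataclass
class LoginRequest:
    peer_ip: str          # address the TCP connection really came from
    headers: dict         # HTTP request headers as sent by the client
    password_ok: bool = False


def header(req, name):
    """Case-insensitive header lookup."""
    for k, v in req.headers.items():
        if k.lower() == name.lower():
            return v
    return None


def naive_client_ip(req):
    """Weak pattern: trusts whatever the client put in the forwarding headers."""
    for name in ("X-Forwarded-For", "Client-IP"):
        value = header(req, name)
        if value:
            return value.split(",")[0].strip()
    return req.peer_ip


def hardened_client_ip(req, trusted_proxies=frozenset()):
    """Honour X-Forwarded-For only when the peer is a trusted reverse proxy,
    and then use the hop that proxy appended last, never the first value."""
    if req.peer_ip in trusted_proxies:
        value = header(req, "X-Forwarded-For")
        if value:
            return value.split(",")[-1].strip()
    return req.peer_ip


class Throttle:
    """Per-IP failed-login counter; the IP extraction strategy is pluggable."""

    def __init__(self, ip_func):
        self.ip_func = ip_func
        self.failures = defaultdict(int)

    def attempt(self, req):
        """Return 'locked', 'ok' or 'fail' for one login request."""
        ip = self.ip_func(req)
        if self.failures[ip] >= MAX_FAILURES:
            return "locked"
        if req.password_ok:
            self.failures[ip] = 0
            return "ok"
        self.failures[ip] += 1
        return "fail"


def simulate(ip_func, attempts=20):
    """Constructed scenario: a single real source rotates a forged
    X-Forwarded-For value on every request. Returns how many password
    guesses the throttle actually evaluated instead of rejecting."""
    throttle = Throttle(ip_func)
    evaluated = 0
    for i in range(attempts):
        req = LoginRequest(peer_ip="203.0.113.10",
                           headers={"X-Forwarded-For": f"10.0.0.{i}"})
        if throttle.attempt(req) != "locked":
            evaluated += 1
    return evaluated


def suspicious_peers(requests, distinct_threshold=3):
    """Detection view: peers that presented many distinct forwarding
    header values, the signature of the rotation described in the CVE."""
    seen = defaultdict(set)
    for req in requests:
        value = header(req, "X-Forwarded-For") or header(req, "Client-IP")
        if value:
            seen[req.peer_ip].add(value)
    return sorted(p for p, vals in seen.items() if len(vals) >= distinct_threshold)


if __name__ == "__main__":
    print("guesses evaluated, header-keyed throttle:", simulate(naive_client_ip))
    print("guesses evaluated, peer-keyed throttle:  ", simulate(hardened_client_ip))
```

With the header-keyed counter every guess is evaluated because each request looks like a new client; with the peer-keyed counter the source is locked after MAX_FAILURES guesses. When the application really is behind a reverse proxy, the proxy's address goes into trusted_proxies and the last hop of X-Forwarded-For (the one the proxy appended) is used.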

## Features
- **Bruteforce Attack**: Attempts to brute-force the login page by leveraging the vulnerability.
- **CSRF Token Handling**: Dynamically fetches and uses CSRF tokens to bypass protections.
- **Progress Tracking**: Displays a progress bar to monitor the brute-force attempt.
- **User-Agent Customization**: Sends requests with a spoofed User-Agent.

## Prerequisites
- **Dependencies**:
  - `curl`: For sending HTTP requests.
  - Bash shell.
- **Tested Environment**: Linux OS with Bash.

## Usage
Grant execute permission to the script:

```bash
chmod +x CVE-2019-17240
```

Run the script with the required arguments:

```bash
bash CVE-2019-17240 -u <url> -U <username> -w <passwordfile>
```

### Parameters
| Parameter           | Description                                                  |
|---------------------|--------------------------------------------------------------|
| `-u <url>`          | The full login URL (e.g., `http://example.org/admin/login`). |
| `-U <username>`     | The username to brute-force.                                 |
| `-w <passwordfile>` | The path to the password file.                               |

### Example
```bash
bash CVE-2019-17240 -u http://example.org/admin/login -U admin -w passwords.txt
```

## Script Workflow

1. **Command-line Argument Parsing**:
   - Extracts the login URL, username, and password file.
2. **CSRF Token Extraction**:
   - Dynamically fetches the CSRF token from the login page using `curl`.
3. **Login Attempts**:
   - Sends HTTP POST requests with the extracted CSRF token and a password from the list.
   - Tracks and displays the current password attempt and progress.
4. **Success Detection**:
   - Checks for successful login by detecting a redirect to the admin dashboard.

## Limitations
- Requires a valid URL and username.
- The password file must be prepared in advance and be comprehensive.

## Credits
- **Original Exploit Author**: ColdFusionX ([Website](https://coldfusionx.github.io))
- **Discoverer of Vulnerability**: Rastating ([Website](https://rastating.github.io))
- **Adapted Script**: Refurbished by 0xDTC, built in Bash

## Disclaimer
This script is for **educational purposes only**. Unauthorized use of this tool against systems you do not own or have explicit permission to test is illegal and unethical. Use responsibly.
File snapshot
 [4.0K]  /data/pocs/28247e8eccc502a0831ba45a86fb4306afcd1869
├── [4.2K]  CVE-2019-17240
└── [3.4K]  README.md

0 directories, 2 files
Cached for you by the Shenlong bot
Notes
    1. Accessing the POC through its source is recommended.
    2. If the source is unavailable or cannot be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.