Related vulnerability
Title:
Bludit security vulnerability
(CVE-2019-17240)
Description: Bludit is an open-source, lightweight blog content management system (CMS). The file bl-kernel/security.class.php in Bludit 3.9.2 contains a security vulnerability. An attacker can exploit it to bypass the protection mechanism by sending multiple forged X-Forwarded-For or Client-IP HTTP headers.
Description
Bludit 3.9.2 - Auth Bruteforce Bypass CVE:2019-17240, refurbished in Bash
Introduction
# Bludit Bruteforce Mitigation Bypass Script
## Overview
This script is a refurbished Bash implementation of an exploit targeting the Bludit CMS version <= 3.9.2. It leverages a vulnerability (CVE-2019-17240) that allows brute-forcing passwords by bypassing the CSRF token-based protection.
The original Python script was written by **ColdFusionX (Mayank Deshmukh)** and is adapted here for Bash users with enhanced usability and progress tracking.
## Vulnerability Details
- **Discoverer**: Rastating
- **CVE**: [CVE-2019-17240](https://nvd.nist.gov/vuln/detail/CVE-2019-17240)
- **References**:
  - [Bludit Brute Force Mitigation Bypass](https://rastating.github.io/bludit-brute-force-mitigation-bypass/)
  - [Patch Details](https://github.com/bludit/bludit/pull/1090)
- **Description**: The issue lies in how CSRF tokens are generated and validated in the login process, enabling attackers to brute-force credentials while bypassing mitigation mechanisms.
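The vulnerability summary at the top of this page states that the login protection can be evaded with multiple forged X-Forwarded-For or Client-IP headers. The Python below is an added illustration written for this page; it is not Bludit's code, not the Bash script, and not the fix from the linked pull request. It contrasts a client-address resolver that trusts forwarding headers unconditionally (the pattern the summary describes) with a hardened resolver that only honours X-Forwarded-For when the TCP peer is a known reverse proxy, and shows the effect on a per-address failed-login counter. The proxy address, client addresses and attempt limit are constructed for the example.

```python
"""Trusting client-supplied forwarding headers for a login throttle, vulnerable
pattern beside a hardened one (added example; assumptions are marked)."""
from collections import defaultdict
from typing import Callable, Mapping

MAX_ATTEMPTS = 5  # constructed: failures allowed per client address before lockout
# Constructed assumption: the only reverse proxy allowed to set X-Forwarded-For.
TRUSTED_PROXIES = {"10.0.0.2"}


def naive_client_ip(peer_ip: str, headers: Mapping[str, str]) -> str:
    """Vulnerable pattern: any request may override its own address via headers.
    Whoever sends the request chooses the key the throttle counts under."""
    for name in ("X-Forwarded-For", "Client-IP"):
        if name in headers:
            return headers[name].split(",")[0].strip()
    return peer_ip


def hardened_client_ip(peer_ip: str, headers: Mapping[str, str],
                       trusted_proxies=TRUSTED_PROXIES) -> str:
    """Only a trusted proxy may speak for the client. Client-IP is ignored
    entirely; X-Forwarded-For is used only when the socket peer is that proxy,
    and only its right-most entry counts (the hop the proxy itself appended),
    so values an attacker prepends are discarded."""
    if peer_ip not in trusted_proxies:
        return peer_ip
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    return hops[-1] if hops else peer_ip


class LoginThrottle:
    """Minimal per-address lockout keyed on whatever the resolver returns."""

    def __init__(self, resolver: Callable[[str, Mapping[str, str]], str],
                 max_attempts: int = MAX_ATTEMPTS):
        self.resolve = resolver
        self.max_attempts = max_attempts
        self.failures = defaultdict(int)

    def attempt(self, peer_ip: str, headers: Mapping[str, str], password_ok: bool) -> str:
        key = self.resolve(peer_ip, headers)
        if self.failures[key] >= self.max_attempts:
            return "locked"          # request rejected before the password is checked
        if password_ok:
            self.failures[key] = 0
            return "ok"
        self.failures[key] += 1
        return "denied"              # wrong password, counted against this key


def count_processed(resolver, attempts: int = 20) -> int:
    """Constructed scenario: one direct client (198.51.100.7, not a proxy) sends
    `attempts` wrong passwords, each with a different forged X-Forwarded-For.
    Returns how many of them the throttle actually evaluated."""
    throttle = LoginThrottle(resolver)
    processed = 0
    for i in range(attempts):
        forged = {"X-Forwarded-For": f"192.0.2.{i}"}  # constructed, varies per request
        if throttle.attempt("198.51.100.7", forged, password_ok=False) == "denied":
            processed += 1
    return processed


if __name__ == "__main__":
    print("naive resolver evaluated:", count_processed(naive_client_ip), "of 20")
    print("hardened resolver evaluated:", count_processed(hardened_client_ip), "of 20")
    # Legitimate proxied request: proxy appended the real client as the last hop.
    via_proxy = {"X-Forwarded-For": "192.0.2.9, 203.0.113.5"}
    print("hardened sees client behind proxy as:", hardened_client_ip("10.0.0.2", via_proxy))
```

With the naive resolver every request lands under a fresh key, so the limit never triggers; with the hardened resolver the throttle keys on the socket peer and locks after the configured number of failures. The same check belongs in any rate limiter, log field or audit trail that is derived from forwarding headers, since those are attacker-controlled unless a trusted proxy overwrote them.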
## Features
- **Bruteforce Attack**: Attempts to brute-force the login page by leveraging the vulnerability.
- **CSRF Token Handling**: Dynamically fetches and uses CSRF tokens to bypass protections.
- **Progress Tracking**: Displays a progress bar to monitor the brute-force attempt.
- **User-Agent Customization**: Sends requests with a spoofed User-Agent.
## Prerequisites
- **Dependencies**:
  - `curl`: for sending HTTP requests.
  - Bash shell.
- **Tested Environment**: Linux OS with Bash.
## Usage
Grant execute permission:
```bash
chmod +x CVE-2019-17240
```
Run the script with the required arguments:
```bash
bash CVE-2019-17240 -u <url> -U <username> -w <passwordfile>
```
### Parameters
| Parameter | Description |
|------------------|--------------------------------------------------|
| `-u <url>` | The full login URL (e.g., `http://example.org/admin/login`). |
| `-U <username>` | The username to brute-force. |
| `-w <passwordfile>` | The path to the password file. |
### Example
```bash
bash CVE-2019-17240 -u http://example.org/admin/login -U admin -w passwords.txt
```
## Script Workflow
1. **Command-line Argument Parsing**:
   - Extracts the login URL, username, and password file.
2. **CSRF Token Extraction**:
   - Dynamically fetches the CSRF token from the login page using `curl`.
3. **Login Attempts**:
   - Sends HTTP POST requests with the extracted CSRF token and a password from the list.
   - Tracks and displays the current password attempt and progress.
4. **Success Detection**:
   - Checks for successful login by detecting a redirect to the admin dashboard.
## Limitations
- Requires a valid URL and username.
- Password file should be pre-prepared and comprehensive.
## Credits
- **Original Exploit Author**: ColdFusionX ([Website](https://coldfusionx.github.io))
- **Discoverer of Vulnerability**: Rastating ([Website](https://rastating.github.io))
- **Adapted Script**: Refurbished by 0xDTC, built in Bash
## Disclaimer
This script is for **educational purposes only**. Unauthorized use of this tool against systems you do not own or have explicit permission to test is illegal and unethical. Use responsibly.
File snapshot
[4.0K] /data/pocs/28247e8eccc502a0831ba45a86fb4306afcd1869
├── [4.2K] CVE-2019-17240
└── [3.4K] README.md
0 directories, 2 files
Notes
1. It is recommended to access the original source first.
2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com (replace # with @) to request a local snapshot.
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.