Giters

hg8 / CVE-2019-16113-PoC

Bludit >= 3.9.2 - Authenticated RCE (CVE-2019-16113)

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2019-16113 PoC

Bludit >= 3.9.2 Remote Code Execution Vulnerability via "Upload function".

Simple Python PoC.

Discovery by @christasa: bludit/bludit#1081

Usage

Edit the script with your URL, username, password and command to execute then run the script:

$ python CVE-2019-16113.py
[+] Loggin successful.
[+] Token CSRF: 20b903ffe72490f004b9255521ea2e0419e73dce
[+] Shell upload succesful.
[+] .htaccess upload succesful.
[+] Command execution successful.

Requirements

  • Python 3
  • requests (pip install requests)

About

Bludit >= 3.9.2 - Authenticated RCE (CVE-2019-16113)

Languages

Language:Python 100.0%