CVE-2019-16113
HIGH
Bludit 3.9.2 - Remote Code Execution via Image Upload Path Traversal
Title source: llm
Exploitation Summary
EIP tracks 13 public exploits for CVE-2019-16113.
PoCs published by Metasploit, James Green, Luis Vacacas, including Metasploit module exploits/linux/http/bludit_upload_images_exec.
AI-analyzed exploit summary: This Metasploit module exploits a directory traversal vulnerability in Bludit's image upload feature (CVE-2019-16113) to achieve remote code execution by uploading a malicious PHP payload and a custom .htaccess file to bypass file extension checks.
Description
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
Exploits (13)
This Metasploit module exploits a directory traversal vulnerability in Bludit's image upload feature (CVE-2019-16113) to achieve remote code execution by uploading a malicious PHP payload and a custom .htaccess file to bypass file extension checks.
This exploit leverages a directory traversal vulnerability in Bludit 3.9.2 to upload a malicious .png file containing PHP code and a .htaccess file to execute arbitrary commands. The exploit requires valid admin credentials to authenticate and upload the payloads.
This exploit leverages a directory traversal vulnerability in Bludit 3.9.12 to upload a malicious PHP shell and execute arbitrary commands. It authenticates as an admin, uploads a webshell via the image upload functionality, and triggers command execution by accessing the uploaded file.
This repository contains a functional exploit for CVE-2019-16113, a directory traversal vulnerability in Bludit CMS versions >= 3.9.2. The exploit authenticates, uploads a malicious PHP file via a directory traversal attack, and executes arbitrary commands.
This repository contains a functional Python exploit for CVE-2019-16113, a remote code execution vulnerability in Bludit CMS versions >= 3.9.2. The exploit leverages an arbitrary file upload vulnerability in the image upload functionality to execute system commands via a malicious PHP payload.
This repository contains a functional Python exploit for CVE-2019-16113, a directory traversal and file upload vulnerability in Bludit 3.9.2. The exploit uploads a malicious PHP payload disguised as a .png file and modifies the .htaccess file to execute the payload, achieving remote code execution.
This repository contains a functional Python exploit for CVE-2019-16113, targeting Bludit 3.9.2. The exploit leverages an authenticated file upload vulnerability to achieve remote command execution by uploading a malicious image and a crafted .htaccess file.
This repository contains a functional Python exploit for CVE-2019-16113, which targets a directory traversal and file upload vulnerability in Bludit 3.9.2. The exploit uploads a malicious PHP payload disguised as a PNG file and modifies the .htaccess file to execute the payload, resulting in remote code execution.
This repository contains a functional exploit for CVE-2019-16113, targeting Bludit CMS versions >= 3.9.2. The exploit leverages a path traversal vulnerability in the image upload functionality to achieve remote code execution (RCE) by uploading a malicious .htaccess file and a PHP shell.
This repository contains a functional exploit for CVE-2019-16113, which combines a brute-force authentication bypass (CVE-2019-17240) and a file upload vulnerability in Bludit CMS 3.9.2 to achieve remote code execution via a reverse shell.
This repository contains functional exploit code for CVE-2019-16113, targeting Bludit CMS. It includes scripts for password cracking, Metasploit integration for RCE, and privilege escalation to root via a known password.
This repository contains a functional exploit for CVE-2019-16113, a directory traversal vulnerability in Bludit CMS 3.9.2. The exploit leverages improper file handling during image uploads to achieve remote code execution (RCE) via a crafted .htaccess file and a malicious image file.
This Metasploit module exploits a directory traversal vulnerability in Bludit's image upload feature (CVE-2019-16113) to achieve remote code execution by uploading a malicious PHP payload and a custom .htaccess file to bypass file extension checks.
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H