{"id":18688762,"url":"https://github.com/noraj/bludit-auth-bf-bypass","last_synced_at":"2025-06-15T12:05:56.893Z","repository":{"id":86822091,"uuid":"287979787","full_name":"noraj/Bludit-auth-BF-bypass","owner":"noraj","description":"Bludit \u003c= 3.9.2 - Authentication Bruteforce Mitigation Bypass","archived":false,"fork":false,"pushed_at":"2020-08-21T11:10:27.000Z","size":4,"stargazers_count":14,"open_issues_count":0,"forks_count":4,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-12T05:38:05.619Z","etag":null,"topics":["authentication","bludit","bruteforce","bypass","cms","cve-2019-17240","exploit","poc","proof-of-concept"],"latest_commit_sha":null,"homepage":"https://pwn.by/noraj/","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/noraj.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-16T16:18:04.000Z","updated_at":"2024-08-12T20:04:47.000Z","dependencies_parsed_at":"2023-04-13T15:31:44.178Z","dependency_job_id":null,"html_url":"https://github.com/noraj/Bludit-auth-BF-bypass","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/noraj/Bludit-auth-BF-bypass","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noraj%2FBludit-auth-BF-bypass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noraj%2FBludit-auth-BF-bypass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noraj%2FBludit-auth-BF-bypass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noraj%2FBludit-auth-BF-bypass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/noraj","download_url":"https://codeload.github.com/noraj/Bludit-auth-BF-bypass/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noraj%2FBludit-auth-BF-bypass/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259971378,"owners_count":22940011,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","bludit","bruteforce","bypass","cms","cve-2019-17240","exploit","poc","proof-of-concept"],"created_at":"2024-11-07T10:38:17.069Z","updated_at":"2025-06-15T12:05:56.851Z","avatar_url":"https://github.com/noraj.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Bludit Auth BF mitigation bypass exploit / PoC\n\n\u003e Bludit \u003c= 3.9.2 - Authentication Bruteforce Mitigation Bypass\n\nExploit / PoC for [CVE-2019-17240](https://nvd.nist.gov/vuln/detail/CVE-2019-17240).\n\n[[EDB-48746](https://www.exploit-db.com/exploits/48746)] [[PacketStorm](https://packetstormsecurity.com/files/158875/Bludit-3.9.2-Authentication-Bruteforce-Mitigation-Bypass.html)] [[WLB-2020080094](https://cxsecurity.com/issue/WLB-2020080094)]\n\n## Usage\n\n```\n$ ruby exploit.rb --help\nBludit \u003c= 3.9.2 - Authentication Bruteforce Mitigation Bypass\n\nUsage:\n  exploit.rb -r \u003curl\u003e -u \u003cusername\u003e -w \u003cpath\u003e [--debug]\n  exploit.rb -H | --help\n\nOptions:\n  -r \u003curl\u003e, --root-url \u003curl\u003e            Root URL (base path) including HTTP scheme, port and root folder\n  -u \u003cusername\u003e, --user \u003cusername\u003e      Username of the admin\n  -w \u003cpath\u003e, --wordlist \u003cpath\u003e          Path to the wordlist file\n  --debug                               Display arguments\n  -H, --help                            Show this screen\n\nExamples:\n  exploit.rb -r http://example.org -u admin -w myWordlist.txt\n  exploit.rb -r https://example.org:8443/bludit -u john -w /usr/share/wordlists/password/rockyou.txt\n```\n\n## Requirements\n\n- [httpclient](https://github.com/nahi/httpclient)\n- [docopt.rb](https://github.com/docopt/docopt.rb)\n\nExample for BlackArch:\n\n```\npacman -S ruby-httpclient ruby-docopt\n```\n\nExample using gem:\n\n```\ngem install httpclient docopt\n```\n\n## Reference\n\nThis is an exploit for the vulnerability found by [Rastating](https://rastating.github.io/) on [Bludit CMS](https://www.bludit.com/).\n\nVulnerability explanation: https://rastating.github.io/bludit-brute-force-mitigation-bypass/.\n\nPatch: https://github.com/bludit/bludit/pull/1090\n\nThis exploit was tested with Ruby 2.7.1.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnoraj%2Fbludit-auth-bf-bypass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnoraj%2Fbludit-auth-bf-bypass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnoraj%2Fbludit-auth-bf-bypass/lists"}