This exploit combines two exploits in Bludit CMS 3.9.2 to gain remote code execution on the target system.
The original exploits are CVE-2019-17240 & CVE-2019-16113.
- Bruteforce password + RCE
- Bruteforce username:password + RCE
- Setup Bludit 3.9.2 CMS
- Configure login details
- run the exploit:
python3 poc.py