### [CVE-2019-17240](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17240)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.

### POC

#### Reference
- http://packetstormsecurity.com/files/158875/Bludit-3.9.2-Authentication-Bruteforce-Mitigation-Bypass.html
- http://packetstormsecurity.com/files/159664/Bludit-3.9.2-Bruteforce-Mitigation-Bypass.html
- https://github.com/bludit/bludit/pull/1090
- https://rastating.github.io/bludit-brute-force-mitigation-bypass/

#### Github
- https://github.com/0xConstant/CVE-2019-16113
- https://github.com/0xT11/CVE-POC
- https://github.com/0xkasra/CVE-2019-16113
- https://github.com/0xkasra/CVE-2019-17240
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CasperGN/tooling
- https://github.com/ColdFusionX/CVE-2019-17240_Bludit-BF-Bypass
- https://github.com/LucaReggiannini/Bludit-3-9-2-bb
- https://github.com/LucaReggiannini/LDS
- https://github.com/LucaReggiannini/local-data-stealer
- https://github.com/MrW0l05zyn/bludit-cms-bypass-brute-force-protection-mechanism
- https://github.com/Sheri98/DictionaryAttackTool
- https://github.com/TikvahTerminator/BluditBruteforce
- https://github.com/alphaSeclab/sec-daily-2020
- https://github.com/anquanscan/sec-tools
- https://github.com/brunosergi/bloodit
- https://github.com/brunosergi0/bloodit
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/drerx/python-pearls
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/jayngng/bludit-CVE-2019-17240
- https://github.com/mind2hex/CVE-2019-17240
- https://github.com/noraj/Bludit-auth-BF-bypass
- https://github.com/pingport80/CVE-2019-17240
- https://github.com/pwnd-root/exploits-and-stuff
- https://github.com/spyx/cve-2019-17240
- https://github.com/tobor88/Python3-Tools
- https://github.com/triple-octopus/Bludit-CVE-2019-17240-Fork
- https://github.com/zweilosec/python-pearls