# ──────────────────────────────────────────────────────────────────────────────
# CVE-2026-42228 / GHSA-f77h-j2v7-g6mw — n8n Unauthenticated Chat Hijack PoC
# ──────────────────────────────────────────────────────────────────────────────
# Preferred: use docker-compose.yml to spin up the full lab in one command.
#
# Standalone build & run:
# docker build -t n8n-chat-hijack-poc .
#
# # Scan a range
# docker run --rm --network ghsa-f77h-j2v7-g6mw_lab \
# n8n-chat-hijack-poc \
# --target http://n8n-vuln:5678 \
# --start-id 1 --end-id 200
#
# # Attack a known execution ID
# docker run --rm --network ghsa-f77h-j2v7-g6mw_lab \
# n8n-chat-hijack-poc \
# --target http://n8n-vuln:5678 \
# --exec-id 42 --inject "PWNED"
# ──────────────────────────────────────────────────────────────────────────────
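# Runtime image for the PoC script: one pinned Python dependency plus the script.
# The base image is pinned by tag only, so rebuilds can pick up a different image.
# For a reproducible lab, pin by digest as well:
#   FROM python:3.12-slim@sha256:<digest-of-the-image-you-verified>
FROM python:3.12-slim

LABEL org.opencontainers.image.title="n8n Chat Hijack PoC" \
      org.opencontainers.image.description="CVE-2026-42228 / GHSA-f77h-j2v7-g6mw — for authorised security research only" \
      org.opencontainers.image.version="1.0.0"

# Exact version pin; --no-cache-dir keeps pip's download cache out of the layer.
# NOTE(review): the pin fixes the version but not the artifact. Installing from a
# requirements file with hashes (pip --require-hashes) would also verify the wheel.
RUN pip install --no-cache-dir websocket-client==1.8.0

# Dedicated unprivileged account: the tool only makes outbound connections, so
# nothing here needs root at runtime. A fixed numeric UID/GID lets orchestrators
# verify the non-root requirement.
RUN groupadd --system --gid 10001 poc \
    && useradd --system --uid 10001 --gid poc --no-create-home --shell /usr/sbin/nologin poc

WORKDIR /poc

# --chown keeps the script readable by the runtime user whatever mode it has on
# the build host. /poc itself stays root-owned; if the script writes output into
# its working directory (not visible from this file), mount a writable volume.
COPY --chown=poc:poc poc_GHSA-f77h-j2v7-g6mw.py poc.py

# Drop privileges before the entrypoint so the container never runs as root.
USER 10001:10001

# Exec form: python3 is PID 1 and receives the `docker run` arguments directly
# (--target, --start-id/--end-id, --exec-id, --inject per the header above).
ENTRYPOINT ["python3", "poc.py"]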