dify-exploit
Audited by Socket on Apr 22, 2026
3 alerts found:
Security / Malware (x2): This skill is not an ordinary development aid; it is an offensive skill built specifically to have an AI agent carry out Dify vulnerability exploitation, mass scanning, internal network reconnaissance, RCE and post-exploitation. The installation chain itself shows no obvious malicious behaviour, but the scope and actual effect of its capabilities amount to high-risk offensive security tooling, so it should be rated SUSPICIOUS rather than confirmed malware.
This artifact is a highly dangerous exploit/scanner template that crafts multipart/form-data requests with prototype/constructor gadget structures to trigger unsafe deserialization and execute arbitrary OS commands via child_process.execSync (including PowerShell). It also includes a redirect-based confirmation channel to verify execution. Treat as malicious attack tooling; do not use against systems without explicit authorization and ensure the target runtime is patched.
This fragment contains highly actionable, explicitly weaponized exploitation instructions for achieving server-side RCE via prototype-chain manipulation and command execution, with command output returned to the attacker through HTTP redirect/header side channels. While it is not a dependency source file itself, the provided content represents clear malicious intent and would be extremely dangerous if included or shipped within a software supply chain.