Related vulnerability
Title: Django security vulnerability (CVE-2025-64459). Description: Django is an open-source, Python-based web application framework maintained by the Django Software Foundation; it includes an object-relational mapper (ORM), a view system, a template system and more. Django 5.1 before 5.1.14, 4.2 before 4.2.26 and 5.2 before 5.2.8 contain a security vulnerability: `QuerySet.filter`, `QuerySet.exclude`, `QuerySet.get` and the `Q` class can be subjected to SQL injection when a suitably crafted dictionary is expanded as `**kwargs` and sets the `_connector` argument.
Description
CVE-2025-64459
Introduction
# 🛡️ **CVE‑2025‑64459 — Django SQL Injection Vulnerability**
---
## 🔍 **Overview**
| Item | Details |
| --------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
| **Identifier** | CVE‑2025‑64459 |
| **Description** | SQL injection in the ORM: when a user-controlled dict is expanded as `**kwargs` into `filter()`, `exclude()`, `get()` or `Q()`, the caller can set the internal `_connector` argument (and `_negated`), and a crafted `_connector` value reaches the generated SQL. |
| **Attack Type** | 🌐 Remote (network), no privileges, no user interaction |
| **Impact** | 🔒 Confidentiality & 📝 Integrity compromised |
| **Severity** | 🚨 CVSS 9.1 (Critical) as listed on this page; the Django advisory itself rates the issue "high" under the Django security policy |
---
## 📦 **Affected Versions & Patch Status**
| Django Version | Status | Patch Version |
| --------------------------------- | --------------------- | ------------------- |
| 4.2 < 4.2.26 | ⚠️ Vulnerable | 4.2.26+ |
| 5.1 < 5.1.14 | ⚠️ Vulnerable | 5.1.14+ |
| 5.2 < 5.2.8 | ⚠️ Vulnerable | 5.2.8+ |
| Older, end-of-life releases (3.2, 4.1, 5.0) | ❓ Not assessed in the advisory | Upgrade to a supported, patched release |
**Official Advisory:** [Django Security Releases](https://www.djangoproject.com/weblog/2025/nov/05/security-releases/)
---
## ⚡ **Technical Details**
### 🔑 Root Cause
* Expanding a user-controlled dict as `**kwargs` into `filter()`, `exclude()`, `get()` or `Q()` does not limit the keys to field lookups; the ORM's own keyword arguments can be set from the request:
  * `_connector` → the string used to join the WHERE conditions (`AND` / `OR`). Before the fix it was not validated, and it is written into the SQL text rather than bound as a parameter, which is the injection vector named in the advisory.
  * `_negated` → inverts the whole condition group. It is not an injection vector, but it lets a caller change the query logic.
**Risky code example:**
```python
filters = request.GET.dict()               # every query-string key becomes a kwarg, including _connector / _negated
results = Model.objects.filter(**filters)  # crafted keys reach the ORM's internal arguments, not just field lookups
```
**Malicious query example** (`_connector=OR` turns the intended AND into OR, so matching either condition is enough; a value that is not a real connector would land in the SQL text itself):
```
?username=admin&_connector=OR&is_superuser=True
```
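The following is an added example, not code from the page or from Django itself. It models in plain Python, with no Django import, why expanding a request dict into `filter(**kwargs)` is dangerous, and shows two defences side by side: the connector validation that the fixed releases add, and an application-level allow-list that works on any version. `render_where` is a deliberately simplified stand-in for how the ORM joins WHERE children with its connector string (an assumption for illustration, not Django's code), and the request dicts are constructed.

```python
"""Added example, not taken from the page or from Django itself.

Shows, in plain Python with no Django import, why expanding a
user-controlled dict into filter(**kwargs) is dangerous for
CVE-2025-64459, and two defences: the connector validation the fixed
releases add, and an application-level allow-list.  render_where is a
deliberately simplified stand-in for how the ORM joins WHERE children
with its connector string; it is an assumption for illustration, not
Django's code.
"""
from typing import Iterable, Mapping

# The only connectors the ORM uses to join WHERE conditions.
VALID_CONNECTORS = {"AND", "OR", "XOR"}


def render_where(conditions: Mapping[str, str], connector: str = "AND",
                 negated: bool = False) -> str:
    """Simplified WHERE rendering: each value becomes a bound parameter
    (%s), but the connector is spliced into the SQL text verbatim."""
    children = [f'"{column}" = %s' for column in conditions]
    sql = f" {connector} ".join(children)
    return f"NOT ({sql})" if negated else sql


def vulnerable_query(params: Mapping[str, str]) -> str:
    """The risky pattern from the page: request parameters become kwargs.

    Keys named _connector and _negated are consumed as ORM internals,
    not as column lookups, just as Q(**kwargs) would consume them."""
    params = dict(params)
    connector = params.pop("_connector", "AND")
    # Any non-empty string is truthy, so "_negated=False" still negates.
    negated = bool(params.pop("_negated", False))
    return render_where(params, connector, negated)


def patched_query(params: Mapping[str, str]) -> str:
    """vulnerable_query plus the check the fixed releases add: a connector
    outside the ORM's own set is rejected before any SQL is built.
    _connector=OR is still accepted: the patch stops SQL injection,
    not logic tampering."""
    params = dict(params)
    connector = params.pop("_connector", "AND")
    if connector not in VALID_CONNECTORS:
        raise ValueError(f"_connector must be one of {sorted(VALID_CONNECTORS)}")
    negated = bool(params.pop("_negated", False))
    return render_where(params, connector, negated)


def safe_filters(params: Mapping[str, str], allowed: Iterable[str]) -> dict:
    """Allow-list wrapper for filter(**kwargs): only lookups named in
    `allowed` are forwarded.  Underscore-prefixed keys (_connector,
    _negated) and unknown keys raise, so the ORM never receives
    attacker-chosen internals, whatever Django version is installed."""
    allowed = set(allowed)
    clean = {}
    for key, value in params.items():
        if key.startswith("_") or key not in allowed:
            raise ValueError(f"disallowed filter parameter: {key!r}")
        clean[key] = value
    return clean


if __name__ == "__main__":
    # Constructed request mirroring the page's malicious query string.
    evil = {"username": "admin", "_connector": "OR", "is_superuser": "True"}
    print(vulnerable_query(evil))   # "username" = %s OR "is_superuser" = %s
    print(patched_query(evil))      # same: a valid connector still flips the logic
    try:
        safe_filters(evil, ["username", "is_superuser"])
    except ValueError as exc:
        print("blocked:", exc)
```

The point worth taking away is the difference between the two defences: upgrading removes the SQL injection (a non-connector string raises before SQL is built), but `_connector=OR` is a valid connector and still rewrites the query's boolean logic, so the allow-list is needed regardless of version.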
### 🔓 **Impact**
* Unauthorized access to data 📄 (rows the intended filter would have excluded)
* Data manipulation ✏️ (when the filtered queryset feeds an update or delete)
* Authorization bypass ⚔️ (the query above widens a lookup for one user to any superuser)
* Availability: low risk (the bug is not a DoS vector in itself)
### 🛠️ Exploitation Conditions
* A reachable endpoint (public API, REST, GraphQL, search or filter view) that accepts arbitrary parameter names
* Dynamic filters built by expanding a user-supplied dict into `filter()`, `exclude()`, `get()` or `Q()`
* An unpatched Django release from the affected ranges above
---
## ⚠️ **Exploitation Status**
* No public reports of widespread exploitation at the time of writing 🕵️♂️
* Scanner checks and WAF rules that look for `_connector` / `_negated` request parameters are beginning to appear
---
## 🛡️ **Mitigation & Recommendations**
### 🔹 Immediate Actions
1. **Upgrade Django** 🚀
* 4.2 → 4.2.26+
* 5.1 → 5.1.14+
* 5.2 → 5.2.8+
2. **Audit your code** 🔍
   * Search for `filter(**`, `exclude(**`, `get(**` and `Q(**` where the dict comes from request data
   * Watch for `Q()` objects built from dynamic input
3. **Allow-list accepted parameters** ✅: map each permitted query-string key to an explicit field lookup and drop everything else, in particular keys that start with `_`
4. **Restrict DB permissions** 🗝️ (least privilege: the application's database role should not be able to alter what it only needs to read)
5. **Monitor logs** 📜
   * Alert on `_connector` or `_negated` keys in query strings or request bodies; a `_connector` value other than `AND`, `OR` or `XOR` is a strong injection indicator
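As an added example of the log monitoring step (not from the page or any vendor rule set), the scanner below parses combined-format access log lines and flags requests whose query string carries the ORM's `_connector` or `_negated` keys, rating a `_connector` value that is not one of the real connectors higher than a plain logic-flip. The log format, the sample lines and the severity labels are constructed assumptions for this example.

```python
"""Added example (not from the page or any vendor rule): scans web-server
access log lines for requests carrying the Django ORM's internal
_connector / _negated keys in the query string.  Log format, sample lines
and severity labels are constructed for this example."""
import re
from urllib.parse import parse_qs, urlsplit

SUSPECT_KEYS = {"_connector", "_negated"}
VALID_CONNECTORS = {"AND", "OR", "XOR"}

# Nginx/Apache "combined" format: ip - - [time] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: one benign request, one logic flip, one non-connector
# value (percent-encoded key to show decoding), one negation.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Nov/2025:10:00:01 +0000] "GET /api/users/?username=alice HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.9 - - [05/Nov/2025:10:00:02 +0000] "GET /api/users/?username=admin&_connector=OR&is_superuser=True HTTP/1.1" 200 4096 "-" "python-requests/2.31"
203.0.113.9 - - [05/Nov/2025:10:00:03 +0000] "GET /api/users/?username=admin&%5Fconnector=OR%201%3D1 HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.7 - - [05/Nov/2025:10:00:04 +0000] "GET /api/users/?is_active=true&_negated=1 HTTP/1.1" 200 128 "-" "Mozilla/5.0"
"""


def classify_request(target: str):
    """Return None for a clean request, else (severity, key, value).

    parse_qs percent-decodes keys, so %5Fconnector is caught as well."""
    query = urlsplit(target).query
    for key, values in parse_qs(query, keep_blank_values=True).items():
        if key not in SUSPECT_KEYS:
            continue
        value = values[0]
        if key == "_connector" and value.strip().upper() not in VALID_CONNECTORS:
            return ("high", key, value)    # not a real connector: injection attempt
        return ("medium", key, value)      # valid connector or negation: logic tampering
    return None


def scan(lines):
    """Run classify_request over parsed log lines; return one finding per hit."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue                       # not in the expected format; skip
        hit = classify_request(match["target"])
        if hit:
            severity, key, value = hit
            findings.append({"ip": match["ip"], "time": match["time"],
                             "target": match["target"], "severity": severity,
                             "key": key, "value": value})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(f'{finding["severity"]:6} {finding["ip"]:14} {finding["key"]}={finding["value"]!r}')
```

Access logs only show query strings, so requests that post the same keys in a JSON or form body need the check at the application or WAF layer instead; the classifier is written as a separate function so it can be reused on parsed bodies.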
### 🔹 Long-Term Best Practices
* Keep user input out of anything that is not a bound value: the ORM parameterizes values, but structural arguments such as the connector are spliced into the SQL text, so dynamic ORM calls need allow-listing just as raw SQL does
* Educate developers on safe ORM practices 🧑💻
* Maintain an **inventory of Django apps & versions** so advisories like this one can be matched to deployments quickly
---
## 📊 **Summary Cheat Sheet**
| 🔹 Item | 🔹 Details |
| ------------------- | ---------------------------------------------------------- |
| Vulnerability | SQL injection via `_connector` / `_negated` |
| CVE | CVE‑2025‑64459 |
| Affected Versions | 4.2 < 4.2.26, 5.1 < 5.1.14, 5.2 < 5.2.8 |
| Fixed Versions | 4.2.26+, 5.1.14+, 5.2.8+ |
| CVSS Score | 🚨 9.1 Critical |
| Attack Vector | 🌐 Remote, low complexity, no privileges |
| Impact | 🔥 High (confidentiality & integrity) |
| Exploitation Status | 🕵️♀️ No public reports of widespread exploitation |
| Mitigation | Upgrade, audit, whitelist, restrict DB perms, monitor logs |
---
File snapshot
[4.0K] /data/pocs/284066f224bc06a324f9c27cad68e0f814d93dd6
└── [4.3K] README.md
1 directory, 1 file
Notes
1. Accessing the original source is recommended.
2. If the source is gone or unreachable, e-mail f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. Shenlong (神龙) has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.