CVE-2024-21520 PoC — Django REST framework security vulnerability

Source
Associated Vulnerability
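Title: Django REST framework security vulnerability (CVE-2024-21520)
Description: Django REST framework is a collaboratively funded open-source project from Encode. Versions of Django REST framework before 3.15.2 contain a security vulnerability caused by a cross-site scripting flaw in break_long_headers.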
Description
A demonstration of common XSS vulnerabilities in Django Rest Framework applications. This repository showcases intentionally vulnerable code to educate developers on identifying and mitigating XSS attacks in DRF-based projects. For educational purposes only.
File Snapshot

[4.0K] /data/pocs/39f65a14b5f0453eb539ff9b683462a6fae48095
├── [4.0K] myproject
│   ├── [132K] db.sqlite3
│   ├── [ 665] manage.py
│   ├── [4.0K] myapp
│   │   ├── [  63] admin.py
│   │   ├── [ 142] apps.py
│   │   ├── [   0] __init__.py
│   │   ├── [4.0K] migrations
│   │   │   ├── [ 613] 0001_initial.py
│   │   │   └── [   0] __init__.py
│   │   ├── [ 244] models.py
│   │   ├── [ 186] serializers.py
│   │   ├── [  60] tests.py
│   │   ├── [ 317] urls.py
│   │   └── [ 955] views.py
│   └── [4.0K] myproject
│       ├── [ 395] asgi.py
│       ├── [   0] __init__.py
│       ├── [3.2K] settings.py
│       ├── [ 816] urls.py
│       └── [ 395] wsgi.py
└── [  99] requirements.txt

4 directories, 18 files