
CVE-2019-19844 PoC — Django authorization vulnerability

Associated Vulnerability
Title: Django authorization vulnerability (CVE-2019-19844)
Description: Django is an open-source, Python-based web application framework maintained by the Django Software Foundation. It includes an object-relational mapper, a view system, a template system and more. Django versions before 1.11.27, 2.x versions before 2.2.9 and 3.x versions before 3.0.1 contain a security vulnerability. An attacker can exploit it, using a specially crafted email address, to hijack user accounts.
Description: CVE-2019-19844 Docker Edition
Readme
# django_cve_2019_19844_poc

PoC for [CVE-2019-19844](https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)

![](https://github.com/ryu22e/django_cve_2019_19844_poc/workflows/django_cve_2019_19844_poc/badge.svg)

## Setup

1. `docker-compose run --service-ports web python manage.py migrate --no-input`
2. `docker-compose run --service-ports web python manage.py createsuperuser --email=me@0xsha.io --username 0xsha`
3. Head to `localhost:8000/accounts/password-reset`
4. Enter `me@0xsha.ıo` and hit enter (note that the "i" is a dotless ı, not an ASCII i)
5. Check the console
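Why step 4 works, and what closes the gap: the vulnerable password-reset form looked up the account with a case-insensitive email query (on PostgreSQL this is an `UPPER(email) = UPPER(...)` comparison), and Unicode upper-casing maps the dotless ı (U+0131) to an ASCII `I`, so `me@0xsha.ıo` matches the account registered as `me@0xsha.io`; the reset link was then mailed to the address typed into the form. The following is an added example, not code from the PoC repository or from Django, that reproduces the collision with Python's own `str.upper()` and shows the two defensive checks: an NFKC-normalised `casefold()` comparison applied on top of the database lookup, and mailing the reset link only to the address stored on the matched account. The addresses, the `lookup_matching_users` helper and the `reset_recipient` helper are constructed for the demo.

```python
"""Added example (not part of the PoC repository or of Django): why a dotless-i
address collides under a case-insensitive email lookup, and the two checks that
close the gap. All address values below are constructed for the demo."""
import unicodedata

# Constructed sample data: the victim's stored account email and the
# attacker-submitted lookalike from the README (dotless i, U+0131).
STORED_EMAIL = "me@0xsha.io"
SUBMITTED_EMAIL = "me@0xsha.\u0131o"


def naive_ci_match(submitted: str, stored: str) -> bool:
    """Mimics a case-insensitive SQL lookup such as UPPER(email) = UPPER(%s).
    str.upper() applies the same Unicode mapping: 'ı'.upper() == 'I', so the
    lookalike address matches the victim's account."""
    return submitted.upper() == stored.upper()


def hardened_ci_match(submitted: str, stored: str) -> bool:
    """Unicode-aware comparison: normalise both strings to NFKC and compare
    with casefold() instead of upper()/lower(). 'ı'.casefold() stays 'ı', so
    the dotless-i address no longer collides with the ASCII one, while plain
    ASCII case differences are still tolerated."""
    return (unicodedata.normalize("NFKC", submitted).casefold()
            == unicodedata.normalize("NFKC", stored).casefold())


def lookup_matching_users(submitted: str, stored_emails):
    """Hypothetical replacement for a reset form's user lookup: the broad
    case-insensitive query result (simulated with naive_ci_match) is
    re-filtered in application code with the hardened comparison."""
    candidates = [e for e in stored_emails if naive_ci_match(submitted, e)]
    return [e for e in candidates if hardened_ci_match(submitted, e)]


def reset_recipient(submitted: str, stored: str) -> str:
    """Second, independent mitigation: the reset link goes to the address on
    file for the matched account, never to the address typed into the form,
    so even a lookup collision cannot redirect the token."""
    return stored


if __name__ == "__main__":
    print("naive match   :", naive_ci_match(SUBMITTED_EMAIL, STORED_EMAIL))
    print("hardened match:", hardened_ci_match(SUBMITTED_EMAIL, STORED_EMAIL))
    print("users matched :", lookup_matching_users(SUBMITTED_EMAIL, [STORED_EMAIL]))
    print("mail goes to  :", reset_recipient(SUBMITTED_EMAIL, STORED_EMAIL))
```

The hardened comparison alone is not a complete fix: compatibility normalisation still folds some lookalike characters together, which is why the recipient check is the one that actually prevents the token from leaving the account owner's mailbox. Django 1.11.27, 2.2.9 and 3.0.1 apply both measures.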
File Snapshot

[4.0K] /data/pocs/4fa51ba653bff7ef9b7f02f1f52fdb0823b29311
├── [4.0K] accounts
│   ├── [  63] admin.py
│   ├── [  91] apps.py
│   ├── [ 345] forms.py
│   ├── [   0] __init__.py
│   ├── [4.0K] migrations
│   │   ├── [   0] __init__.py
│   │   └── [4.0K] __pycache__
│   │       └── [ 128] __init__.cpython-38.pyc
│   ├── [  57] models.py
│   ├── [4.0K] __pycache__
│   │   ├── [ 158] admin.cpython-38.pyc
│   │   ├── [ 615] forms.cpython-38.pyc
│   │   ├── [ 117] __init__.cpython-38.pyc
│   │   ├── [ 155] models.cpython-38.pyc
│   │   ├── [1.5K] urls.cpython-38.pyc
│   │   └── [1.5K] views.cpython-38.pyc
│   ├── [4.0K] templates
│   │   ├── [ 349] login.html
│   │   ├── [4.0K] mails
│   │   │   └── [4.0K] password_reset
│   │   │       ├── [ 155] body.txt
│   │   │       └── [  15] subject.txt
│   │   ├── [ 221] password_reset_complete.html
│   │   ├── [ 265] password_reset_confirm.html
│   │   ├── [ 164] password_reset_done.html
│   │   ├── [ 299] password_reset.html
│   │   └── [ 218] profile.html
│   ├── [2.5K] tests.py
│   ├── [1.5K] urls.py
│   └── [1.0K] views.py
├── [4.0K] django_cve_2019_19844_poc
│   ├── [ 427] asgi.py
│   ├── [   0] __init__.py
│   ├── [4.0K] __pycache__
│   │   ├── [ 134] __init__.cpython-38.pyc
│   │   ├── [2.5K] settings.cpython-38.pyc
│   │   ├── [ 987] urls.cpython-38.pyc
│   │   └── [ 573] wsgi.cpython-38.pyc
│   ├── [3.3K] settings.py
│   ├── [ 825] urls.py
│   └── [ 427] wsgi.py
├── [ 211] docker-compose.yml
├── [ 146] Dockerfile
├── [1.0K] LICENSE
├── [ 645] manage.py
├── [ 561] README.md
└── [  79] requirements.txt

9 directories, 39 files