Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-57833 PoC — Django SQL注入漏洞

Source
https://github.com/Mkway/CVE-2025-57833
Associated Vulnerability
Title:Django SQL注入漏洞 (CVE-2025-57833)
Description:Django是Django基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django 4.2.24之前版本、5.1.12之前版本和5.2.6之前版本存在SQL注入漏洞,该漏洞源于FilteredRelation在列别名中受到SQL注入的影响。
Description
We've set up an environment to test CVE-2025-57833. This environment was built using AI, so it's subject to ongoing modification.
Readme
# Django SQL Injection Test Environment (CVE-2025-57833)

This is a Docker-based test environment for demonstrating the critical SQL injection vulnerability CVE-2025-57833 in Django.

## Key Points

*   **Vulnerability**: CVE-2025-57833 is a critical SQL injection vulnerability in the Django ORM that occurs when using `FilteredRelation` with `select_related`.
*   **Root Cause**: The vulnerability is caused by using unsanitized user input directly as a field name in a `FilteredRelation`, which allows for the manipulation of the generated SQL query.
*   **Impact**: This can lead to information disclosure and Remote Code Execution (RCE) on the PostgreSQL database server, with a CVSS score of 9.8 (Critical).
*   **Attack Vector**: Attackers can exploit this by sending a malicious payload in the `search_field` of a POST request to the `/api/vulnerable-search/` endpoint.
*   **Mitigation**: The recommended fix is to use a whitelist to validate user input before it is passed to the Django ORM.

## References

- **Medium Article**: [Django Unauthenticated 0-click RCE and SQL Injection using Default Configuration](https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898) by Eyal Gabay (@EyalSec)
- **Django Security Release**: [Django security releases issued: 5.2.6, 5.1.12, and 4.2.24](https://www.djangoproject.com/weblog/2025/sep/03/security-releases/)
- **NullSecurityx Article**: [CVE-2025-57833 Django SQL Injection](https://nullsecurityx.codes/cve-2025-57833-django-sql-injection)

For more detailed documentation, please see [document/README.md](document/README.md).
File Snapshot

 [4.0K]  /data/pocs/97e5d52c6fc2a65f5cd9e8dd82958981d1014f9a
├── [7.6K]  CVE-2025-57833.md
├── [ 427]  docker-compose.pgadmin.yml
├── [1.0K]  docker-compose.simple.yml
├── [1.4K]  docker-compose.yml
├── [ 616]  Dockerfile
├── [5.2K]  DOCKER_README.md
├── [4.0K]  document
│   └── [ 34K]  README.md
├── [1.7K]  entrypoint.sh
├── [4.4K]  exploit_test.py
├── [ 464]  init_db.sql
├── [4.0K]  local_attacks
│   ├── [6.8K]  exploit.py
│   └── [  16]  requirements.txt
├── [ 654]  manage.py
├── [ 701]  models.py
├── [1.6K]  README.md
├── [  53]  requirements.txt
├── [3.7K]  run_test.py
├── [2.5K]  settings.py
├── [1.5K]  setup_postgresql.sh
├── [4.0K]  templates
│   └── [9.8K]  index.html
├── [4.7K]  test_sqli.py
├── [ 368]  urls.py
└── [4.0K]  vuln_app
    ├── [  27]  __init__.py
    ├── [4.0K]  migrations
    │   ├── [1.2K]  0001_initial.py
    │   └── [   0]  __init__.py
    ├── [ 731]  models.py
    └── [4.3K]  views.py

5 directories, 27 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.