
CVE-2019-19844 PoC — Django authorization issue vulnerability

Source
Associated Vulnerability
Title: Django authorization issue vulnerability (CVE-2019-19844)
Description: Django is an open-source, Python-based web application framework from the Django Software Foundation. The framework includes an object-relational mapper, a view system, a template system and more. Django versions before 1.11.27, 2.x versions before 2.2.9 and 3.x versions before 3.0.1 contain a security vulnerability. An attacker can exploit it to hijack user accounts by means of a specially crafted email address.
Description
PoC for CVE-2019-19844 (https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)
Readme
# django_cve_2019_19844_poc
PoC for [CVE-2019-19844](https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)

![](https://github.com/ryu22e/django_cve_2019_19844_poc/workflows/django_cve_2019_19844_poc/badge.svg)

## Requirements

- Python 3.7.x
- PostgreSQL 9.5 or higher

## Setup

1. Create a database (e.g. `django_cve_2019_19844_poc`)
1. Put the database name in the environment variable `DJANGO_DATABASE_NAME` (e.g. `export DJANGO_DATABASE_NAME=django_cve_2019_19844_poc`)
1. Run `pip install -r requirements.txt && ./manage.py migrate --noinput`
1. Create the following user from the `./manage.py shell` prompt:

```python
>>> from django.contrib.auth import get_user_model
>>> User = get_user_model()
>>> User.objects.create_user('mike123', 'mike@example.org', 'test123')
```

## Procedure for Reproducing

1. Run `./manage.py runserver`
1. Open `http://127.0.0.1:8000/accounts/password-reset/`
1. Enter `mıke@example.org` (the attacker's email address; note the dotless i, U+0131) and click the send button
1. Receive the email (check the console) and reset the password
1. Log in as the `mike123` user
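
The mismatch the procedure above depends on, shown as an added Python example that is not part of the PoC repository: a locale-aware case-insensitive lookup (what Django's `iexact` turns into on PostgreSQL) treats the dotless-i address as equal to the stored one, while the NFKC-normalize-and-casefold comparison that the fixed Django releases added rejects it, and the reset mail is addressed to the email on file rather than the submitted one. The user record is constructed from the setup step; the function names are my own, and `unicode_ci_compare` is modelled on, not copied from, Django's fix.

```python
import unicodedata

# Constructed sample data: the account created in the Setup step above.
REGISTERED_USERS = [
    {"username": "mike123", "email": "mike@example.org", "is_active": True},
]


def legacy_iexact_match(submitted: str, stored: str) -> bool:
    """Mimic a case-insensitive DB lookup (Django's `iexact` on PostgreSQL
    compares UPPER(col) = UPPER(value)). Full Unicode upper-casing maps
    U+0131 (dotless i) onto 'I', so two distinct addresses collide."""
    return submitted.upper() == stored.upper()


def unicode_ci_compare(s1: str, s2: str) -> bool:
    """Hardened identifier comparison in the style of the fix shipped in
    Django 3.0.1 / 2.2.9 / 1.11.27 (Unicode TR36 section 2.11.2(B)(2)):
    NFKC-normalize, then casefold. 'ı' does not fold to 'i', so the
    collision above is rejected while plain case differences still match."""
    return (unicodedata.normalize("NFKC", s1).casefold()
            == unicodedata.normalize("NFKC", s2).casefold())


def find_reset_targets(submitted_email: str, hardened: bool = True):
    """Return (username, recipient address) pairs for a password-reset request.

    Legacy path: trust the DB `iexact` hit and mail the *submitted* address.
    Hardened path: re-check every DB hit with unicode_ci_compare and mail
    the address *stored on the account*, so even a residual collision
    cannot redirect the reset token to an attacker-chosen mailbox."""
    hits = [u for u in REGISTERED_USERS
            if u["is_active"] and legacy_iexact_match(submitted_email, u["email"])]
    if not hardened:
        return [(u["username"], submitted_email) for u in hits]
    return [(u["username"], u["email"]) for u in hits
            if unicode_ci_compare(submitted_email, u["email"])]
```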

![Email](/images/email.jpg "Email")
File Snapshot

```text
[4.0K] /data/pocs/afe96e6f285f314c98e751e2cc3ab42167005154
├── [4.0K] accounts
│   ├── [  63] admin.py
│   ├── [  91] apps.py
│   ├── [ 345] forms.py
│   ├── [   0] __init__.py
│   ├── [4.0K] migrations
│   │   └── [   0] __init__.py
│   ├── [  57] models.py
│   ├── [4.0K] templates
│   │   ├── [ 349] login.html
│   │   ├── [4.0K] mails
│   │   │   └── [4.0K] password_reset
│   │   │       ├── [ 155] body.txt
│   │   │       └── [  15] subject.txt
│   │   ├── [ 221] password_reset_complete.html
│   │   ├── [ 265] password_reset_confirm.html
│   │   ├── [ 164] password_reset_done.html
│   │   ├── [ 299] password_reset.html
│   │   └── [ 218] profile.html
│   ├── [2.5K] tests.py
│   ├── [1.5K] urls.py
│   └── [1.0K] views.py
├── [4.0K] django_cve_2019_19844_poc
│   ├── [ 427] asgi.py
│   ├── [   0] __init__.py
│   ├── [3.8K] settings.py
│   ├── [ 825] urls.py
│   └── [ 427] wsgi.py
├── [4.0K] images
│   └── [164K] email.jpg
├── [1.0K] LICENSE
├── [ 645] manage.py
├── [1.1K] README.md
└── [  79] requirements.txt

7 directories, 27 files
```
Remarks

1. It is advised to access the original source first.
2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).