Skip to content
漏洞demo
Python HTML
Branch: master
Clone or download
Rivaill Merge pull request #1 from MinhKMA/master
Thank you for your contribution.
Latest commit 069406d Aug 4, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
TestModel first Aug 3, 2019
app
templates
.gitattributes
PoC.py first Aug 3, 2019
README.md Update README.md Aug 4, 2019
manage.py
requirements.txt

README.md

CVE_2019_14234

python 2.7.x CentOS7

  • install python 2.7

    curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"
    python get-pip.py
    yum install gcc openssl-devel bzip2-devel python-devel -y
    
  • install postgres via docker

    curl -sSL https://get.docker.com/ | sudo sh
    usermod -aG docker root
    systemctl start docker
    
    docker run --name some-postgres -e POSTGRES_USER=root -e POSTGRES_PASSWORD=minhkma -e POSTGRES_DB=test -p 5432:5432 -d postgres
    
  • Install and setup django to PoC

    pip install requirements.txt
    vim app/settings.py # update DATABASES
    python manage.py migrate
    python manage.py runserver 0.0.0.0:8000
    
  • PoC

    python PoC.py
  • output

    [root@grafana CVE_2019_14234]# python PoC.py 
    /usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.25.3) or chardet (2.2.1) doesn't match a supported version!
    RequestsDependencyWarning)
    Vulnerability!
    
You can’t perform that action at this time.