SQL injection via unsanitized QuerySet.order_by() input
Run ./setup.sh
for initial setup
Open the docker image to initiate the database:
docker exec -it {container_id} /bin/bash
And run the following commands:
python manage.py makemigrations cve202135042
python manage.py migrate
Start the instances using:
docker-compose up
Now open the following URL to load sample data:
http://localhost:8000/load_example_data
Then go to the vulnerable page at: http://localhost:8000/users/
Exploit the parameter at: http://localhost:8000/users/?order_by=name