Skip to content

YouGina/CVE-2021-35042

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits

cve202135042

cve202135042

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

docker-compose.yml

docker-compose.yml

 
 

requirements.txt

requirements.txt

 
 

setup.sh

setup.sh

 
 

Repository files navigation

CVE-2021-35042

SQL injection via unsanitized QuerySet.order_by() input

Setup:

Run ./setup.sh for initial setup

Open the docker image to initiate the database: docker exec -it {container_id} /bin/bash And run the following commands:

python manage.py makemigrations cve202135042
python manage.py migrate

Start the instances using: docker-compose up

Now open the following URL to load sample data:

http://localhost:8000/load_example_data

Then go to the vulnerable page at: http://localhost:8000/users/

Exploit the parameter at: http://localhost:8000/users/?order_by=name

About

SQL injection via unsanitized QuerySet.order_by() input

Resources

Readme
Activity

Stars

13 stars

Watchers

1 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages