Skip to content
/ CVE-2022-28346 Public

SQL injection in QuerySet.annotate(), aggregate(), and extra()

1 star 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

YouGina/CVE-2022-28346

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
cve202228346
cve202228346
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
requirements.txt
requirements.txt
 
 
setup.sh
setup.sh
 
 

Repository files navigation

CVE-2022-28346

SQL injection in QuerySet.annotate(), aggregate(), and extra()

Setup:

Run ./setup.sh for initial setup

Open the docker image to initiate the database: docker exec -it {container_id} /bin/bash And run the following commands:

python manage.py makemigrations cve202228346
python manage.py migrate

Start the instances using: docker-compose up

Now open the following URL to load sample data:

http://localhost:8000/load_example_data

Then go to the vulnerable page at: http://localhost:8000/users/

Exploit the parameter at: todo

About

SQL injection in QuerySet.annotate(), aggregate(), and extra()

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages