Skip to content

mrlihd/CVE-2020-7471

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

cve20207471

cve20207471

 
 

vul_app

vul_app

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

docker-compose.yml

docker-compose.yml

 
 

requirements.txt

requirements.txt

 
 

setup.sh

setup.sh

 
 

Repository files navigation

CVE-2020-7471

SQL injection via StringAgg delimeter input

Setup:

Run ./setup.sh for initial setup

Open the docker image to initiate the database: docker exec -it {container_id} /bin/bash And run the following commands:

python manage.py makemigrations vul_app
python manage.py migrate

Start the instances using: docker-compose up

Now open the following URL to load sample data:

http://localhost:8000/vul_app/setupdb

Then go to the vulnerable page at: http://localhost:8000/vul_app/

Exploit the parameter at: http://localhost:8000/vul_app/?delim=!@#

About

Reproduce CVE-2020-7471

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages