复现环境:Vulhub
环境启动后,访问http://192.168.80.141:8000
即可看到Django默认首页
漏洞复现
首先登陆后台http://192.168.80.141:8000/admin/
,用户名密码为admin
、a123123123
。
登陆后台后,进入模型Collection
的管理页面http://192.168.80.141:8000/admin/vuln/collection/
:
然后在GET参数中构造detail__a'b=123
提交,其中detail
是模型Collection
中的JSONField:
127.0.0.1:8000/admin/vuln/collection/?detail__a'b=123
可见,单引号已注入成功,SQL语句报错:
- Vulnerability Django-SQL Injection Django 14234vulnerability django-sql injection django django-sql 14234 vulnerability apache_parsing_vulnerability understanding convolutional vulnerability structural authentication vulnerability apache bypass vulnerability database national nvd vulnerability frameworks cdeepfuzz automated vulnerability领域exploit计算机