• Stars
    star
    104
  • Rank 328,691 (Top 7 %)
  • Language
    Python
  • Created over 4 years ago
  • Updated over 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

django 漏洞:CVE-2020-7471 Potential SQL injection via StringAgg(delimiter) 的漏洞环境和 POC

CVE-2020-7471

这个仓库提供 CVE-2020-7471 Potential SQL injection via StringAgg(delimiter) 漏洞的环境和 POC

受影响的 django 版本

  • 1.11 到 1.11.28(不含)
  • 2.2 到 2.2.10(不含)
  • 3.0 到 3.0.3(不含)

下载使用前需要如下操作:

  1. 安装 django 漏洞版本,我测试用的是

    pip install django==3.0.2 -i https://pypi.tuna.tsinghua.edu.cn/simple
  2. 参考 https://www.runoob.com/postgresql/windows-install-postgresql.html 完成 postgres 数据库的安装

  3. 新建数据库

    CREATE DATABASE test;
  4. 修改 sqlvul_projects/settings.py 里面的数据库配置,如果上一步你安装用的默认配置(包括设置密码为postgres),就无需修改任何配置,可以跳过这一步

    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.postgresql',
            'NAME': 'test',         # 数据库名称
            'USER': 'postgres',
            'PASSWORD': 'postgres', # 数据库用户密码
            'HOST': '127.0.0.1',    # 数据库地址
            'PORT': '5432',
        }
    }
    
  5. 通过 django 初始化数据表

    python3 manage.py migrate
    python3 manage.py makemigrations vul_app
    python3 manage.py migrate vul_app

然后运行 POC 脚本CVE-2020-7471.py就可以了

More Repositories

1

cupper

It comes!!
Python
131
star
2

Super-Spider

根据腾讯安全应急响应中心的架构编写的一款超强爬虫(广度优先搜索)
Python
85
star
3

Datadome-Hermes-Bypass-Research

该仓库是在爱马仕/hermes官网进行预约活动的技术交流项目
Python
19
star
4

DamaiBetterHelper

Kotlin
5
star
5

python-graphical-interface

当你需要将你的脚本python制作成一个图形界面的时候,可在这个py的基础上修改
Python
5
star
6

saferman.github.io

CSS
5
star
7

traffic-flow-simulation-based-on-CA

A packed programmes written in 2017 MCM
MATLAB
4
star
8

Simple-Sniffing-Tool

Python
1
star
9

Security

No system is safe enough
1
star
10

assistant-tool

This repository contains some tools which is simple but can make your work effecient
Python
1
star
11

password-dictionary

1
star
12

ThesisTemplates

TeX
1
star
13

image-processing

Tools and pys used in a CTF contest to do captcha recognition
OpenEdge ABL
1
star
14

simple-spider

Python
1
star
15

gallery

Life is more than just what you see before your eyes, there is also poetry and distant lands.
SCSS
1
star
16

Jarvis-Auxiliary_Files

Python
1
star
17

Curriculum-Design-of-Information-Theory

1
star
18

Jarvis-UNO

Arduino
1
star
19

PRLPP

a parametric regularized locality preserving projections (LPP) method for face recognition
MATLAB
1
star
20

SearchWithDifferentEngine

A command line tool
Python
1
star
21

deep-learning-practice

Python
1
star
22

matplotlib_for_bachelor_thesis

本科毕业设计作图的代码
Python
1
star
23

online-penetration-build-by-flask

Python
1
star
24

FinPlus_SearchEngine

This is my product in 2019 Chengdu80 competition, which is a powerful search engine used to discover core authors and hot topics in 20 thousand fields
CSS
1
star
25

Simplify-by-using-Karaugh-map-

This repository is to simplify karaugh map with any variables instead of doing it yourself
Python
1
star
26

self-customed-wifi-phishing-tool

Python
1
star
27

DataAnalyzeOfWsalon

These are my python codes in the work of data mining of Tsinghua Wsalon. Not only do we discover reliable core users and core research directions but also we make a beatiful visual map via Gephi
Python
1
star
28

Jarvis-Raspberrypi

This is my first electronic product which is composed of Raspberrpi and Arduino harware. I use both C code and Python code to control this electronic system.
Python
1
star
29

Self-Customed-SqlTool-Framework

Python
1
star