
CVE-2020-7471 PoC — Django SQL Injection Vulnerability

Source
Associated Vulnerability
Title: Django SQL Injection Vulnerability (CVE-2020-7471)
Description: Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.
Description
Django StringAgg SQL Injection (CVE-2020-7471)
Readme
### Django CVE-2020-7471 SQLi

> CVE-2020-7471: Potential SQL injection via StringAgg(delimiter)
> django.contrib.postgres.aggregates.StringAgg aggregation function was subject to SQL injection, using a suitably crafted delimiter.

### RUN

```bash
python manage.py makemigrations
python manage.py migrate
python manage.py runserver
```

### References
- https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
- https://code.djangoproject.com/ticket/30315
- https://docs.djangoproject.com/zh-hans/2.2/_modules/django/contrib/postgres/aggregates/general/
File Snapshot

```text
[4.0K] /data/pocs/ac2801fefe1df23cda916e4000af5d33e966775c
├── [4.0K] app
│   ├── [ 63] admin.py
│   ├── [ 81] apps.py
│   ├── [ 0] __init__.py
│   ├── [4.0K] migrations
│   │   ├── [ 887] 0001_initial.py
│   │   ├── [ 621] 0002_auto_20200213_0421.py
│   │   ├── [ 879] 0003_auto_20200213_0434.py
│   │   ├── [1.1K] 0004_auto_20200213_0443.py
│   │   └── [ 0] __init__.py
│   ├── [ 277] models.py
│   ├── [ 60] tests.py
│   └── [ 744] views.py
├── [4.0K] DjVul_StringAgg
│   ├── [ 407] asgi.py
│   ├── [ 0] __init__.py
│   ├── [3.3K] settings.py
│   ├── [ 880] urls.py
│   └── [ 407] wsgi.py
├── [ 635] manage.py
├── [ 285] postgre-docker-compose.yml
├── [ 562] README.md
└── [ 22] requirements.txt

3 directories, 20 files
```