Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-34265 PoC — Django SQL注入漏洞

Source
https://github.com/traumatising/CVE-2022-34265
Associated Vulnerability
Title:Django SQL注入漏洞 (CVE-2022-34265)
Description:An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
Description
CVE-2022-34265 Vulnerability
Readme
# CVE-2022-34265
Vulnerability Summary

This vulnerability is due to improper string processing when executing SQL for the arguments of the functions Trunc and Extract used for date data in Django. By specifying the request parameters as is in the kind argument of Trunc or the lookup_name argument of Extract, there is a risk that arbitrary SQL minutes can be executed. By exploiting this vulnerability, a third party can send commands to the database to access unauthorized data or delete the database.
File Snapshot

 [4.0K]  /data/pocs/d685e70edbe43153aedcab7a74173da2e774823d
├── [ 537]  docker-compose.yml
├── [ 349]  Dockerfile
├── [ 393]  models.py
├── [ 505]  README.md
├── [3.1K]  settings.py
├── [ 849]  urls.py
└── [1.1K]  views.py

0 directories, 7 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →