Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-57833 PoC — Django SQL注入漏洞

Source
https://github.com/sw0rd1ight/CVE-2025-57833
Associated Vulnerability
Title:Django SQL注入漏洞 (CVE-2025-57833)
Description:An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().
Description
Analysis and reproduction of CVE-2025-57833
Readme
CVE-2025-57833 分析和复现
File Snapshot

 [4.0K]  /data/pocs/d962338015f209b38ec1e979032d3164177803e8
├── [ 659]  manage.py
├── [  30]  README.md
├── [4.0K]  vuln
│   ├── [  63]  admin.py
│   ├── [ 140]  apps.py
│   ├── [   0]  __init__.py
│   ├── [4.0K]  migrations
│   │   ├── [ 912]  0001_initial.py
│   │   ├── [ 642]  0002_auto_20251102_0128.py
│   │   └── [   0]  __init__.py
│   ├── [ 265]  models.py
│   ├── [  60]  tests.py
│   ├── [ 126]  urls.py
│   └── [1.6K]  views.py
└── [4.0K]  web
    ├── [ 383]  asgi.py
    ├── [   0]  __init__.py
    ├── [3.4K]  settings.py
    ├── [ 814]  urls.py
    └── [ 383]  wsgi.py

4 directories, 17 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →