2025-04-06 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)05/31 Report--
This article explains how to reproduce and analyze CVE-2020-7471, a SQL injection vulnerability in Django. Many newcomers are unclear about it, so the steps below walk through it in detail for anyone who needs them.
0x00 Introduction
Django is an open-source web application framework written in Python.
With Django, Python programmers can build most of what a production website needs with very little code and then extend it into a full-featured web service. Django itself follows the MVC model, i.e. the Model + View + Controller design pattern. MVC simplifies later modification and extension of a program and makes it possible to reuse individual parts of it.
0x01 Vulnerability overview
An attacker can craft a delimiter that bypasses the escape character (\) and pass it to the aggregate function contrib.postgres.aggregates.StringAgg, thereby injecting malicious SQL statements.
0x02 Affected versions
Django 1.11.x < 1.11.28
Django 2.2.x < 2.2.10
Django 3.0.x < 3.0.3
Django main development branch
Unaffected versions:
Django 1.11.28
Django 2.2.10
Django 3.0.3
0x03 Environment setup
1. On Kali, install the vulnerable Django version, 3.0.2:
pip3 install django==3.0.2
2. Install the PostgreSQL database. Kali ships with PostgreSQL, so just start it:
systemctl start postgresql
3. Run sudo -i -u postgres to switch to the postgres account, then run psql to enter the database shell and create the test database test:
CREATE DATABASE test;
4. Change the database password:
ALTER USER postgres WITH PASSWORD 'root';
0x04 Reproducing the vulnerability
1. The experiment uses a public PoC; clone it locally:
git clone https://github.com/Saferman/CVE-2020-7471.git
2. Then open CVE-2020-7471/sqlvul_projects/settings.py and adjust the database configuration. If your PostgreSQL installation uses the default configuration (including the password) that the PoC expects, nothing needs to change here.
3. After editing, go back up one directory and initialize the tables in the test database test with the code from the CVE repository:
python3 manage.py migrate
python3 manage.py makemigrations vul_app
python3 manage.py migrate vul_app
It does not matter if these commands report no changes; the environment is now initialized.
4. Enter the test database and list the tables:
\c test (switch to the test database)
\d (list all tables)
View the contents of the vul_app_info table:
SELECT * FROM vul_app_info;
5. It does not matter that no data has been inserted yet. Use vim to view the contents of CVE-2020-7471.py:
vim CVE-2020-7471.py
6. Run the PoC to insert data into the database:
python3 CVE-2020-7471.py
You can see that the data from the PoC has been written to the database, so the injection succeeded.
0x05 Fix
Upgrade Django to the fixed release 3.0.3 (the fixed releases for the other branches are listed in 0x02).
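As an added illustration (not code from this page or from Django itself), the simplified Python model below contrasts the pre-fix pattern described in 0x01, where the delimiter is pasted into the SQL text, with the fixed pattern where it travels as a bound parameter, and includes a helper that checks a version string against the ranges in 0x02. The function names, the toy bind() routine and the sample delimiter are assumptions for illustration only.

```python
"""Simplified model of CVE-2020-7471 (hypothetical, not Django's own code).
Shows why interpolating StringAgg's delimiter into SQL text is injectable
and why binding it as a parameter is not."""
from typing import List, Tuple

# Fixed releases listed in 0x02; earlier releases on the same branch are affected.
FIXED = {(1, 11): (1, 11, 28), (2, 2): (2, 2, 10), (3, 0): (3, 0, 3)}


def parse_version(version: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in version.split("."))


def is_affected(version: str) -> bool:
    """True if a Django release falls inside an affected range from 0x02."""
    parts = parse_version(version)
    fixed = FIXED.get(parts[:2])
    return fixed is not None and parts < fixed


def string_agg_unsafe(column: str, delimiter: str) -> Tuple[str, List[str]]:
    """Pre-fix pattern: the delimiter is pasted into the SQL text inside
    single quotes, so any quote inside it ends the literal early."""
    sql = "STRING_AGG(%s, '%s')" % (column, delimiter)
    return sql, []


def string_agg_safe(column: str, delimiter: str) -> Tuple[str, List[str]]:
    """Post-fix pattern: the delimiter is a bound parameter (%s placeholder);
    the SQL text stays the same whatever the delimiter contains."""
    sql = "STRING_AGG(%s, %%s)" % column
    return sql, [delimiter]


def bind(sql: str, params: List[str]) -> str:
    """Toy client-side binding: quote each parameter, doubling embedded
    single quotes the way a PostgreSQL driver does (constructed for the demo)."""
    for p in params:
        sql = sql.replace("%s", "'" + p.replace("'", "''") + "'", 1)
    return sql


def quotes_balanced(sql: str) -> bool:
    """An odd number of single quotes means a delimiter broke out of its literal."""
    return sql.count("'") % 2 == 0


if __name__ == "__main__":
    sample = "it's"  # constructed delimiter containing a single quote
    print(is_affected("3.0.2"), string_agg_unsafe("name", sample)[0])
    print(bind(*string_agg_safe("name", sample)))
```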
© 2024 shulou.com SLNews company. All rights reserved.