2025-04-10 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Shulou(Shulou.com)05/31 Report--
This article describes how to reproduce the Django URL redirect (open redirect) vulnerability CVE-2018-14574. The content is quite detailed; interested readers can use it for reference, and I hope it is helpful to you.
Django is an open source web application framework written in Python. It follows the MTV pattern, that is, model (M), view (V) and template (T). It was originally developed to manage several of the Lawrence Publishing Group's news-based websites, which made it a kind of CMS software, and it was released under the BSD license in July 2005.
The cause of the vulnerability is as follows: when APPEND_SLASH=True is set, the requested URL does not end with a slash, and the URL cannot be matched in the urlpatterns, Django forms a new URL by appending a slash to the end and redirects the client to it. Put simply, if the URL has no trailing slash and no pattern in urlpatterns matches it, a / is appended and the client is told to request the new URL.
Affected versions: Django 1.11.x before 1.11.15 and Django 2.0.x before 2.0.8.
The following is only a record of reproducing the vulnerability; the steps are as follows:
1. Vulnerability environment
This environment is built with vulhub.
Execute the following commands to build the environment:
cd vulhub/django/CVE-2018-14574/
docker-compose up -d
After startup, the information is as follows
Vulnerability link: http://192.168.101.152:8000/
After the visit, as shown in the following figure
2. Exploitation process
Access the link http://192.168.101.152:8000//www.baidu.com directly.
After the visit, the browser is redirected to Baidu.
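To make the cause described above and the result of the //www.baidu.com request concrete, here is an added example (not Django's own code and not part of the original article) that models the APPEND_SLASH redirect in vulnerable and patched form. It assumes a constructed urlpatterns list containing a CMS-style catch-all route that accepts any path ending in "/", which is the precondition under which the redirect fires for an arbitrary path; the patched branch applies the fix shipped in Django 1.11.15 / 2.0.8 (percent-encoding the second of two leading slashes), and redirects_offsite is a defender's check on the resulting Location header.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed urlpatterns standing in for a project that has a CMS-style
# catch-all route (any path ending in "/"); without such a route the
# slashed path would not resolve and no redirect would be issued.
URLPATTERNS = [re.compile(r"^/admin/$"), re.compile(r"^/(?P<slug>.*)/$")]


def is_valid_path(path: str) -> bool:
    """Stand-in for django.urls.is_valid_path: does any pattern match?"""
    return any(p.match(path) for p in URLPATTERNS)


def escape_leading_slashes(path: str) -> str:
    """The fix shipped in Django 1.11.15 / 2.0.8: a redirect target that
    begins with "//" is read by browsers as a protocol-relative URL to
    another host, so the second slash is percent-encoded to keep it a
    same-host path."""
    if path.startswith("//"):
        return "/%2F" + path[2:]
    return path


def append_slash_redirect(path: str, patched: bool) -> Optional[str]:
    """Model of CommonMiddleware with APPEND_SLASH=True (not Django's code).

    Returns the Location header a client would receive, or None when the
    request is served as-is (already ends with "/", a pattern matches, or
    the slashed path would not resolve either).
    """
    if path.endswith("/") or is_valid_path(path):
        return None
    if not is_valid_path(path + "/"):
        return None
    location = path + "/"
    return escape_leading_slashes(location) if patched else location


def redirects_offsite(location: str) -> bool:
    """Defender's check on a Location header: True when following it would
    leave the current host. urlsplit("//www.baidu.com/") has netloc
    "www.baidu.com", while "/%2Fwww.baidu.com/" stays a local path."""
    parts = urlsplit(location)
    return bool(parts.scheme or parts.netloc)


if __name__ == "__main__":
    for probe in ("/about", "//www.baidu.com"):
        for patched in (False, True):
            loc = append_slash_redirect(probe, patched)
            print(f"{probe:16} patched={patched!s:5} Location={loc} "
                  f"offsite={loc is not None and redirects_offsite(loc)}")
```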
End.
That is all on how to reproduce the Django URL redirect vulnerability (CVE-2018-14574). I hope the above content is of some help to you; if you think the article is good, please share it so that more people can see it.
© 2024 shulou.com SLNews company. All rights reserved.