46 lines
1.3 KiB
YAML
46 lines
1.3 KiB
YAML
|
id: CVE-2022-34265
|
||
|
|
||
|
info:
|
||
|
name: Django - SQL injection
|
||
|
author: princechaddha
|
||
|
severity: critical
|
||
|
description: |
|
||
|
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
|
||
|
reference:
|
||
|
- https://github.com/vulhub/vulhub/tree/master/django/CVE-2022-34265
|
||
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-34265
|
||
|
- https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
|
||
|
- https://docs.djangoproject.com/en/4.0/releases/security/
|
||
|
classification:
|
||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||
|
cvss-score: 9.8
|
||
|
cve-id: CVE-2022-34265
|
||
|
cwe-id: CWE-89
|
||
|
tags: sqli,dast,vulhub,cve,cve2022,django,fuzz
|
||
|
|
||
|
variables:
|
||
|
rand_string: '{{rand_text_alpha(15, "abc")}}'
|
||
|
|
||
|
http:
|
||
|
- method: GET
|
||
|
path:
|
||
|
- "{{BaseURL}}"
|
||
|
|
||
|
fuzzing:
|
||
|
- part: query
|
||
|
fuzz:
|
||
|
- "test'{{rand_string}}"
|
||
|
|
||
|
matchers-condition: and
|
||
|
matchers:
|
||
|
- type: word
|
||
|
part: body
|
||
|
words:
|
||
|
- 'syntax error at or near "{{rand_string}}"'
|
||
|
- 'LINE 1: SELECT DATE_TRUNC'
|
||
|
condition: and
|
||
|
|
||
|
- type: status
|
||
|
status:
|
||
|
- 500
|