nuclei-templates/dast/cves/2022/CVE-2022-34265.yaml

47 lines
1.6 KiB
YAML
Raw Normal View History

2024-03-16 18:44:49 +00:00
id: CVE-2022-34265
info:
name: Django - SQL injection
author: princechaddha
severity: critical
description: |
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
reference:
- https://github.com/vulhub/vulhub/tree/master/django/CVE-2022-34265
- https://nvd.nist.gov/vuln/detail/CVE-2022-34265
- https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
- https://docs.djangoproject.com/en/4.0/releases/security/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-34265
cwe-id: CWE-89
2024-03-23 09:32:51 +00:00
tags: sqli,dast,vulhub,cve,cve2022,django
2024-03-16 18:44:49 +00:00
variables:
rand_string: '{{rand_text_alpha(15, "abc")}}'
http:
2024-03-31 19:55:42 +00:00
- pre-condition:
2024-03-26 07:21:56 +00:00
- type: dsl
dsl:
- 'method == "GET"'
2024-03-16 18:44:49 +00:00
fuzzing:
- part: query
fuzz:
- "test'{{rand_string}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'syntax error at or near "{{rand_string}}&quot'
- 'LINE 1: SELECT DATE_TRUNC'
condition: and
- type: status
status:
- 500
# digest: 4a0a00473045022100991d4f9cc916935beb1ad69688feda3753f72a2ab38d08917c1e133380434c010220783ace6ba00da5d1932b3362ce58cec8541b97e0058c709b6c99ff14f9cdaba8:922c64590222798bb761d5b6d8e72950