CVE-2019-14234: Django JSONField SQL injection, reproduction
Environment:

- python 3.5.2
- django 2.2.2
- postgresql 11.0
Install postgresql 11.0 and set up the database account and password.

############ Django installation (steps omitted)
/usr/local/python36/bin/pip3 install django==2.2.2
Then I found a project online to use as the target:
https://github.com/kycool/django-example
pip3 install -r requirements.txt

Then modify the source code. Add a class to models.py:
[root@btmail blog]# cat models.py
# -*- coding: utf-8 -*-
from django.db import models
from django.contrib.postgres.fields import JSONField


class Book(models.Model):
    """book model"""
    name = models.CharField('书籍名称', max_length=40, blank=True, default='')
    extra_data = JSONField('扩展数据', default={})
    create_time = models.DateTimeField('创建时间', auto_now_add=True)

    def __str__(self):
        return self.name

    class Meta:
        verbose_name = '书籍'
        verbose_name_plural = '书籍'


class Collection(models.Model):
    name = models.CharField(max_length=128, default='default name')
    detail = JSONField('扩展数据', default={})

    def __str__(self):
        return self.name
Then register the class in admin.py:
[root@btmail blog]# cat admin.py
# -*- coding: utf-8 -*-
from django.contrib import admin
from django.contrib.postgres.fields import JSONField
from djexample.djtools import widgets
from . import models


@admin.register(models.Collection)
class CommonAdminMixin(admin.ModelAdmin):
    """Common Admin Mixin"""
    list_max_show_all = 20
    list_per_page = 20
    formfield_overrides = {
        JSONField: {'widget': widgets.JsonEditorWidget}
    }

    class Media:
        from django.conf import settings
        static_url = getattr(settings, 'STATIC_URL')
        css = {
            'all': (static_url + 'jsoneditor.min.css', )
        }
        js = (static_url + 'jsoneditor-minimalist.min.js', )


@admin.register(models.Book)
class BookAdmin(CommonAdminMixin):
    """docstring for BookAdmin"""
    list_display = ['id', 'name']
Set up the database and create an admin account:
/usr/local/python36/bin/python3 manage.py makemigrations
/usr/local/python36/bin/python3 manage.py migrate
/usr/local/python36/bin/python3 manage.py createsuperuser

Start the server:
/usr/local/python36/bin/python3 manage.py runserver 0:9999

Then request the page with this query string appended:
?detail__a%27b=1
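The probe above puts a single quote into the JSON key name, but the write-up does not show why that matters. As an added example (written for this page, not Django's own source), here is a stand-alone model of the two SQL-building patterns: the one fixed in Django 2.2.4, which formats the key name straight into the SQL text, and the patched one, which binds it as a query parameter; the table/column name `"blog_collection"."detail"` and the `->` operator are assumptions for illustration.

```python
from urllib.parse import unquote


def key_from_query_param(param):
    """Split an admin changelist lookup like "detail__a%27b" into (field, key)."""
    field, _, key = unquote(param).partition("__")
    return field, key


def vulnerable_key_transform(column, key):
    """Pattern fixed in 2.2.4: a non-integer key is quoted and pasted into SQL text.

    Returns (sql, params). Whatever is in the key, quotes included, ends up in `sql`.
    """
    try:
        int(key)
        lookup = "%s" % key          # numeric key: array index, unquoted
    except ValueError:
        lookup = "'%s'" % key        # string key: single-quoted, NOT escaped
    return "(%s -> %s)" % (column, lookup), []


def fixed_key_transform(column, key):
    """Patched pattern: the key is bound as a parameter, so the SQL text is constant."""
    try:
        lookup = int(key)
    except ValueError:
        lookup = key
    return "(%s -> %%s)" % column, [lookup]


def key_leaks_into_sql(builder, key):
    """Defensive check: does the raw key appear in the SQL string the builder emits?"""
    # Column name is an assumption (app "blog", model Collection, field detail).
    sql, _params = builder('"blog_collection"."detail"', key)
    return key in sql


if __name__ == "__main__":
    _field, key = key_from_query_param("detail__a%27b")   # the probe from the write-up
    print(vulnerable_key_transform('"blog_collection"."detail"', key))
    print(fixed_key_transform('"blog_collection"."detail"', key))
```

Running it shows the unpatched builder emitting `'a'b'` inside the SQL string (the syntax error the probe triggers), while the patched builder emits a fixed `%s` placeholder and hands the key to the driver as data.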
Project files: https://www.o2oxy.cn/wp-content/uploads/2019/08/django-example.zip
Reference 1: https://www.leavesongs.com/PENETRATION/django-jsonfield-cve-2019-14234.html
Reference 2: https://xz.aliyun.com/t/5896