Mirror of https://github.com/0xMarcio/cve.git, synced 2026-05-09 15:15:46 +02:00
CVE-2020-7471
Description
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.
POC
Reference
No PoCs from references.
GitHub
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Awrrays/FrameVul
- https://github.com/CnHack3r/Penetration_PoC
- https://github.com/EchoGin404/-
- https://github.com/EchoGin404/gongkaishouji
- https://github.com/H3rmesk1t/Django-SQL-Inject-Env
- https://github.com/HxDDD/CVE-PoC
- https://github.com/Mohzeela/external-secret
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/Pad0y/Django2_dailyfresh
- https://github.com/SNCKER/CVE-2020-7471
- https://github.com/Saferman/CVE-2020-7471
- https://github.com/SexyBeast233/SecBooks
- https://github.com/SurfRid3r/Django_vulnerability_analysis
- https://github.com/Tempuss/CTF_CVE-2020-7471
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/Tyro-Shan/gongkaishouji
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
- https://github.com/ZTK-009/Penetration_PoC
- https://github.com/aeyesec/CVE-2022-34265
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/freeide/ybdt-pentest-arsenal
- https://github.com/hasee2018/Penetration_Testing_POC
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hktalent/bug-bounty
- https://github.com/huike007/penetration_poc
- https://github.com/huike007/poc
- https://github.com/huzaifakhan771/CVE-2020-7471-Django
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/maocatooo/Django2_dailyfresh
- https://github.com/mrlihd/CVE-2020-7471
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/password520/Penetration_PoC
- https://github.com/reph0r/poc-exp
- https://github.com/reph0r/poc-exp-tools
- https://github.com/secoba/DjVul_StringAgg
- https://github.com/siddharthraopotukuchi/trivy
- https://github.com/soosmile/POC
- https://github.com/t31m0/Vulnerability-Scanner-for-Containers
- https://github.com/umahari/security
- https://github.com/victomteng1997/cve-2020-7471-Time_Blind_SQLi-
- https://github.com/vinny-YZF/django
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/yedada-wei/-
- https://github.com/yedada-wei/gongkaishouji
- https://github.com/yoryio/django-vuln-research