漏洞描述
该漏洞需要用户可控order_by传入的值,在预期列的位置注入SQL语句。
Django QuerySet.order_by() SQL注入漏洞(CVE-2021-35042)
PoC代码
暂无相关漏洞推荐
- Django 未授权 SQL注入漏洞
- Django 需授权 SQL注入漏洞
- POC CVE-2022-34265: Django - SQL injection
- POC CVE-2017-12794: Django Debug Page - Cross-Site Scripting
- POC CVE-2018-14574: Django - Open Redirect
- POC CVE-2020-9402: Django SQL Injection
- POC django-framework-exceptions: Django Framework Exceptions
- POC django-secret-key: Django Secret Key Exposure
- POC django-debug-exposure: Django Debug Exposure
- POC django-debug-config-enabled: Django Debug Configuration Enabled
- POC django-debug-enabled: Django Debug mode enabled
- GeoServer 2 /geoserver/wms 代码执行漏洞 (CVE-2023-35042)
- Django应用框架 SQL 注入漏洞