¡¾Â©¶´Í¨¸æ¡¿Django SQL×¢È멶´£¨CVE-2022-34265£©
Ðû²¼Ê±¼ä 2022-07-050x00 ©¶´¸ÅÊö
CVE ID | CVE-2022-34265 | ·¢ÏÖʱ¼ä | 2022-07-05 |
Àà ÐÍ | SQL×¢Èë | µÈ ¼¶ | ¸ßΣ |
Ô¶³ÌÀûÓà | Ó°Ï췶Χ | ||
¹¥»÷ÅÓ´ó¶È | Óû§½»»¥ | ||
PoC/EXP | ÔÚÒ°ÀûÓÃ |
0x01 ©¶´ÏêÇé
DjangoÊÇÒ»¸ö»ùÓÚPythonµÄ¿ªÔ´WebÓ¦Óÿò¼Ü¡£
7ÔÂ4ÈÕ£¬DjangoÏîÄ¿Ðû²¼¸üÐÂͨ¸æ£¬ÐÞ¸´ÁËDjangoÖеÄÒ»¸öSQL×¢È멶´£¨CVE-2022-34265£©¡£
ÔÚÊÜÓ°ÏìµÄDjango°æ±¾ÖУ¬¿ÉÒÔͨ¹ýͨ±¨¶ñÒâÊý¾Ý×÷Ϊkind/lookup_nameµÄÖµ£¬Èç¹ûÓ¦Ó÷¨Ê½ÔÚ½«ÕâЩ²ÎÊýͨ±¨¸øTrunc() ºÍ Extract() Êý¾Ý¿âº¯Êý£¨ÈÕÆÚº¯Êý£©Ö®Ç°Ã»Óо¹ýÊäÈë¹ýÂË»òתÒ壬ÔòÈÝÒ×Êܵ½SQL×¢Èë¹¥»÷¡£½«lookup_name ºÍkind choiceÏÞÖÆÔÚÒÑÖªÄþ¾²ÁбíÖеÄÓ¦Ó÷¨Ê½²»ÊÜÓ°Ïì¡£
Ó°Ï췶Χ
DjangoÖ÷·ÖÖ§
Django 4.1£¨²âÊÔÖУ©
Django 4.0°æ±¾£º< 4.0.6
Django 3.2°æ±¾£º< 3.2.14
0x02 Äþ¾²½¨Òé
Ä¿Ç°´Ë©¶´ÒѾÐÞ¸´£¬ÊÜÓ°ÏìÓû§¿ÉÒÔÉý¼¶µ½ÒÔÏ°汾£º
Django 4.0°æ±¾£ºÉý¼¶µ½4.0.6
Django 3.2°æ±¾£ºÉý¼¶µ½3.2.14
×¢£º´Ë©¶´ÒÑÔÚDjango Ö÷·ÖÖ§ÒÔ¼°4.1¡¢4.0 ºÍ 3.2 °æÌìÖ°Ö§ÖÐÐÞ¸´£¬µ«Django 4.1°æ±¾Ä¿Ç°´¦ÓÚ²âÊÔ״̬¡£
ÏÂÔØÁ´½Ó£º
https://github.com/django/django/tags
0x03 ²Î¿¼Á´½Ó
https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
https://github.com/django/django
https://www.bleepingcomputer.com/news/security/django-fixes-sql-injection-vulnerability-in-new-releases/
0x04 °æ±¾ÐÅÏ¢
°æ±¾ | ÈÕÆÚ | ÐÞ¸ÄÄÚÈÝ |
V1.0 | 2022-07-05 | Ê×´ÎÐû²¼ |
0x05 ¸½Â¼
¶¶È¦Îª¶Ä¶øÉú¼ò½é
¶¶È¦Îª¶Ä¶øÉú½¨Á¢ÓÚ1996Ä꣬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ´´½¨µÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Äþ¾²¸ß¿Æ¼¼ÆóÒµ¡£ÊǹúÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Äþ¾²²úÎï¡¢Äþ¾²·þÎñ½â¾ö·½°¸µÄÁ캽ÆóÒµÖ®Ò»¡£
¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°¶¶È¦Îª¶Ä¶øÉú´óÏ㬹«Ë¾Ô±¹¤½ü4000ÈË£¬Ñз¢ÍŶÓ1200ÓàÈË, ¼¼Êõ·þÎñÍŶÓ1300ÓàÈË¡£ÔÚÈ«¹ú¸÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬ÓµÓÐÁýÕÖÈ«¹úµÄÏúÊÛÌåϵ¡¢ÇþµÀÌåϵºÍ¼¼ÊõÖ§³ÖÌåϵ¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊС££¨¹ÉƱ´úÂ룺002439£©
¶àÄêÀ´£¬¶¶È¦Îª¶Ä¶øÉúÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷´´ÐµÄÄþ¾²²úÎïºÍ×î¼Ñʵ¼ù·þÎñ£¬×ÊÖú¿Í»§È«ÃæÌáÉýÆäIT»ù´¡ÉèÊ©µÄÄþ¾²ÐÔºÍÉú²úЧÄÜ£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Äþ¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Å¬Á¦¡£
¹ØÓÚ¶¶È¦Îª¶Ä¶øÉú
¶¶È¦Îª¶Ä¶øÉúÄþ¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÖ÷ÒªÕë¶ÔÖØÒªÄþ¾²Â©¶´µÄÔ¤¾¯¡¢¸ú×ٺͷÖÏíÈ«Çò×îеÄÍþвÇ鱨ºÍÄþ¾²³ÂËß¡£
¹Ø×¢ÒÔϹ«Öںţ¬»ñÈ¡È«Çò×îÐÂÄþ¾²×ÊѶ£º