exploit-db-mirror/exploits/python/webapps/47879.md
Offensive Security d63de06c7a DB: 2022-11-10
2776 changes to exploits/shellcodes/ghdb
2022-11-10 16:39:50 +00:00


EDB Note ~ Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47879.zip

django_cve_2019_19844_poc

PoC for CVE-2019-19844

Requirements

  • Python 3.7.x
  • PostgreSQL 9.5 or higher

Setup

  1. Create a database (e.g. django_cve_2019_19844_poc)
  2. Set the environment variable DJANGO_DATABASE_NAME to the database name (e.g. export DJANGO_DATABASE_NAME=django_cve_2019_19844_poc)
  3. Run pip install -r requirements.txt && ./manage.py migrate --noinput
  4. Create the following user in the Django shell:
>>> from django.contrib.auth import get_user_model
>>> User = get_user_model()
>>> User.objects.create_user('mike123', 'mike@example.org', 'test123')

Procedure For Reproducing

  1. Run ./manage.py runserver
  2. Open http://127.0.0.1:8000/accounts/password-reset/
  3. Enter mıke@example.org (the attacker's email address) and click the send button
  4. Receive the email (check the console) and reset the password
  5. Log in as the mike123 user
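
Why step 3 reaches the mike123 account, and the check that stops it, as an added example that is not part of the PoC or of Django's own code: the dotless ı (U+0131) upper-cases to a plain I, so a lookup that compares upper-cased strings treats the two addresses as equal. The function names and the upper()-based lookup model are assumptions for illustration; the account is the one created in Setup.

```python
import unicodedata

# Constructed sample data: the single account created in the Setup steps.
USERS = [{"username": "mike123", "email": "mike@example.org"}]


def db_iexact(submitted):
    """Model a case-insensitive lookup that upper-cases both sides (assumption)."""
    return [u for u in USERS if u["email"].upper() == submitted.upper()]


def reset_recipients_vulnerable(submitted):
    """Weak flow: every lookup hit mails the reset link to the *submitted* address."""
    return [(u["username"], submitted) for u in db_iexact(submitted)]


def _fold(s):
    # NFKC + casefold keeps U+0131 distinct from ASCII "i".
    return unicodedata.normalize("NFKC", s).casefold()


def unicode_ci_equal(a, b):
    """Case-insensitive comparison that does not merge distinct letters."""
    return _fold(a) == _fold(b)


def reset_recipients_hardened(submitted):
    """Re-check each hit in Python and mail only the address stored on the account."""
    return [
        (u["username"], u["email"])
        for u in db_iexact(submitted)
        if unicode_ci_equal(submitted, u["email"])
    ]


def is_lookalike(submitted):
    """Detection helper: the lookup matched but the strict comparison disagrees."""
    hits = db_iexact(submitted)
    return bool(hits) and not all(unicode_ci_equal(submitted, u["email"]) for u in hits)


if __name__ == "__main__":
    for addr in ("mike@example.org", "MIKE@example.org", "m\u0131ke@example.org"):
        print(ascii(addr), reset_recipients_vulnerable(addr),
              reset_recipients_hardened(addr), is_lookalike(addr))
```

is_lookalike() can be run over logged password-reset submissions to flag requests where the database match and the strict comparison disagree.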