Django < 3.0 < 2.2 < 1.11 - Account Hijack

2019-12-2400:00:00

Ryuji Tsutsui

www.exploit-db.com

102

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.198 Low

EPSS

Percentile

96.3%

JSON

EDB Note ~ Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47879.zip


# django_cve_2019_19844_poc
PoC for [CVE-2019-19844](https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)

# Requirements

- Python 3.7.x
- PostgreSQL 9.5 or higher

## Setup

1. Create database(e.g. `django_cve_2019_19844_poc`)
1. Set the database name to the environment variable `DJANGO_DATABASE_NAME`(e.g. `export DJANGO_DATABASE_NAME=django_cve_2019_19844_poc`)
1. Run `pip install -r requirements.txt && ./manage.py migrate --noinput`
1. Create the following user with `shell` command:

```python
>>> from django.contrib.auth import get_user_model
>>> User = get_user_model()
>>> User.objects.create_user('mike123', '[email protected]', 'test123')
```

## Procedure For Reproducing

1. Run `./manage.py runserver`
1. Open `http://127.0.0.1:8000/accounts/password-reset/`
1. Input `mı[email protected]` (Attacker's email), and click send button
1. Receive email (Check console), and reset password
1. Login as `mike123` user