Find the room here: https://tryhackme.com/room/djangocve202564459
Django is a widely used Python web framework that exposes an Object-Relational Mapping (ORM) layer so developers can query databases with familiar Python syntax. That convenience becomes a liability when user input is fed straight into ORM calls without validation. In particular, some applications expand a request-parameter dictionary directly into filter(), exclude() or get(); for example, filter(**request.GET.dict()) lets an attacker supply the ORM's internal query-control keyword arguments alongside ordinary field lookups, because dictionary expansion makes no distinction between the two.
A critical vulnerability exists where specially crafted query parameters such as _connector and _negated can be injected into those ORM calls. By manipulating how query clauses are combined or inverted, an attacker can alter the logical structure of database queries, leading to unauthorised data access, authentication bypasses, or privilege escalation. The issue is high-severity (CVSS ~9.1) and straightforward to exploit in many common coding patterns. Note that the coding pattern itself stays fragile even on a patched Django release: every key the request supplies still becomes a lookup, so the fix is to validate keys against an allowlist rather than to rely on the framework alone.
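The following is an added, Django-free example (not code from the room or from the Django project) that shows the mechanism, a grep-style check for the risky pattern, and the hardened form in one place. The q_stand_in function is a stand-in that only mirrors the keyword signature of django.db.models.Q.__init__ (*args, _connector=None, _negated=False, **kwargs) so the effect of dictionary expansion is visible; it is not Django. The field names in ALLOWED_FILTERS and the source in SAMPLE_VIEWS are constructed for the demo and are not from any real project.

```python
import re

# Stand-in mirroring the keyword signature of django.db.models.Q.__init__.
# NOT Django: it only shows which parameters **request.GET.dict() can reach.
def q_stand_in(*args, _connector=None, _negated=False, **kwargs):
    return {"connector": _connector, "negated": _negated, "lookups": kwargs}

# Hypothetical allowlist of lookups a demo "employees" view may accept.
ALLOWED_FILTERS = {"department", "title", "hire_date__year"}


class RejectedParameter(ValueError):
    """Raised when a request key must not reach the ORM."""


def build_filter_kwargs(params, allowed=ALLOWED_FILTERS):
    """Hardened form: only allowlisted lookup keys survive; anything starting
    with an underscore (the ORM's private control arguments) or not in the
    allowlist is rejected instead of being expanded into filter()."""
    safe = {}
    for key, value in params.items():
        if key.startswith("_"):
            raise RejectedParameter(f"control parameter not allowed: {key}")
        if key not in allowed:
            raise RejectedParameter(f"unknown filter: {key}")
        safe[key] = value
    return safe


# Matches filter(**..., exclude(**..., get(**... and Q(**..., i.e. any
# dictionary expansion into an ORM clause, regardless of where the dict came from.
RISKY_CALL = re.compile(r"\b(filter|exclude|get|Q)\(\s*\*\*")


def find_risky_calls(source):
    """Return (line number, stripped line) for every risky ORM call in source."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if RISKY_CALL.search(line):
            hits.append((lineno, line.strip()))
    return hits


# Constructed sample source for the scanner; not taken from any real codebase.
SAMPLE_VIEWS = '''
def employees(request):
    qs = Employee.objects.filter(**request.GET.dict())   # risky: raw expansion
    return render(request, "employees.html", {"rows": qs})

def posts(request):
    author = request.GET.get("author", "")
    return Post.objects.filter(author__name=author)       # explicit lookup: fine

def search(request):
    return Post.objects.exclude(**build_clause(request))  # risky: any dict expansion
'''


if __name__ == "__main__":
    # What an attacker-controlled query string turns into after expansion:
    attacker = {"department": "IT", "_connector": "OR", "_negated": "1"}
    print(q_stand_in(**attacker))
    # Which lines of the sample source a code review should flag:
    for lineno, line in find_risky_calls(SAMPLE_VIEWS):
        print(f"line {lineno}: {line}")
    # The hardened builder refuses the same input:
    try:
        build_filter_kwargs(attacker)
    except RejectedParameter as exc:
        print("rejected:", exc)
```

The scanner is deliberately coarse: it flags every dictionary expansion into filter(), exclude(), get() or Q(), including ones fed from a dict the view built itself, because reviewing those by hand is cheaper than missing the one that is request-derived.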
This room will explain what makes the flaw possible, show how to identify the risky code pattern in a codebase, demonstrate practical exploitation in an isolated lab environment, and walk through remediation and detection strategies so the same mistake is not repeated in production.
Task 1 Introduction
Let's dive in!
No answer needed
Task 2 Technical Details
Let's exploit this vulnerability!
No answer needed
Task 3 Exploitation
What is the title of the post by "DevOps Engineer"?
Monitoring Django Apps — Advanced
Browse to http://MACHINE_IP:8000/poc/employees. What is the name of the employee whose hire date is "June 5, 2022"?
David Rodriguez
Task 4 Conclusion
If you enjoyed this room, check the other rooms in the Recent Threats module.
No answer needed
If this story was helpful and you wish to show a little support, you could:
- Clap 50 times for this story 👏 👏 👏
- Leave a comment telling me what you think
- Highlight the parts in this story that resonate with you
- Follow me on Medium
These actions really help me out, and are much appreciated!