CVE-2020-7471

This repository contains a functional proof-of-concept exploit for CVE-2020-7471, demonstrating SQL injection via Django's StringAgg delimiter parameter. The PoC includes a Django project setup and a Python script that fuzzes delimiters and executes a malicious payload to prove the vulnerability.

This repository provides a detailed technical analysis of CVE-2020-7471, a SQL injection vulnerability in Django 3.0.2. It includes environment setup instructions, proof-of-concept code demonstrating the exploit, root cause analysis, and mitigation steps.

This repository contains a Django application demonstrating CVE-2020-7471, a SQL injection vulnerability in Django's StringAgg function. The PoC includes a Django project with PostgreSQL configuration and views to exploit the vulnerability via crafted delimiters.

This repository contains a functional proof-of-concept for CVE-2020-7471, demonstrating SQL injection via Django's StringAgg delimiter parameter. The PoC includes a Django project setup and a script that exploits the vulnerability to execute arbitrary SQL commands, such as pg_sleep(5), confirming the injection.

This repository contains a functional PoC for CVE-2020-7471, demonstrating SQL injection in Django's `StringAgg` class by exploiting the delimiter parameter. The provided Django views show how arbitrary SQL queries can be injected through user input.

This repository contains a functional Django application demonstrating CVE-2020-7471, a SQL injection vulnerability via the StringAgg delimiter parameter. The PoC includes a vulnerable endpoint that allows arbitrary SQL injection through the 'delim' query parameter.

The repository contains only static JavaScript and CSS files from Django's admin interface, with no exploit code or technical analysis related to CVE-2020-7471. The files appear to be part of a Django project's static assets rather than a functional PoC.

This repository contains a functional exploit for CVE-2020-7471, demonstrating a time-based blind SQL injection vulnerability in Django's StringAgg function. The PoC includes a Django application setup and a script that exploits the vulnerability to extract credentials from a PostgreSQL database.