CVE-2021-35042

This repository contains a functional Django application demonstrating CVE-2021-35042, a SQL injection vulnerability via unsanitized QuerySet.order_by() input. The exploit is triggered by manipulating the 'order_by' parameter in the URL, allowing arbitrary SQL injection.

This repository contains a functional proof-of-concept for CVE-2021-35042, demonstrating a SQL injection vulnerability in Django's ORM. It includes a Django application with a vulnerable view that allows arbitrary SQL execution via the `order_by` parameter, with detailed steps to exploit it on both SQLite and PostgreSQL.

This repository provides a detailed technical analysis of CVE-2021-35042, a SQL injection vulnerability in Django's QuerySet.order_by() function. It explains the root cause, affected versions, and the flawed input validation logic that allows SQL injection via table names in order_by() queries.

This repository contains a functional exploit for CVE-2021-35042, a Django 3.2.4 SQL injection vulnerability in the order_by() function. The exploit leverages error-based SQL injection via the extractvalue() function to dump the database, including a custom script and sqlmap guide for exploitation.

This repository provides a detailed technical analysis of CVE-2021-35042, a SQL injection vulnerability in Django's QuerySet.order_by() function. It includes root cause analysis, code snippets, and explanations of how improper input validation leads to SQL injection.

This repository contains a functional Django application demonstrating CVE-2021-35042, a SQL injection vulnerability via untrusted input in QuerySet.order_by(). The vulnerable endpoint allows arbitrary SQL injection through the 'order_by' parameter.

This repository provides a detailed technical analysis of CVE-2021-35042, a SQL injection vulnerability in Django's QuerySet.order_by() function. It includes an explanation of the root cause, affected versions, and the flawed input validation logic in Django's ORM.