CVE-2025-64459

This is a functional proof-of-concept exploit for CVE-2025-64459, targeting a SQL injection vulnerability in Django's QuerySet methods. It demonstrates arbitrary SQL injection via crafted _connector parameters and includes multiple testing modes (baseline, exploit, multi, check).

The repository contains a Python-based network scanner for detecting CVE-2025-64459, a Django SQL injection vulnerability. It checks for open ports, identifies Django applications, and tests for SQL injection by comparing user lists before and after payload injection.

This repository contains a functional Django-based PoC demonstrating CVE-2025-64459, a SQL injection vulnerability in Django ORM via Q object unpacking. The exploit shows how an attacker can bypass filters by injecting a malicious '_connector' parameter.

This repository contains a functional PoC for CVE-2025-64459, demonstrating SQL injection in Django ORM via Q object unpacking. The exploit bypasses filters by injecting a malicious '_connector' parameter, exposing admin users.

This repository provides a testbed and documentation for CVE-2025-64459, a parameter injection vulnerability in Django's QuerySet.filter() when using dictionary expansion. It includes exploitation examples and references to a vulnerable target for testing.

This repository contains two bash scripts designed to scan Docker containers for Django installations vulnerable to CVE-2025-64459. The first script checks Django versions against known vulnerable ranges, while the second verifies the presence of a specific patch in the query_utils.py file.

This repository contains a functional Django application demonstrating CVE-2025-64459, a SQL injection vulnerability in Django's QuerySet and Q objects. The exploit is triggered via query parameters (`_connector=OR 1=1 OR`), allowing arbitrary SQL fragments to be injected, leading to data exposure.

This repository contains a Python-based network scanner designed to detect CVE-2025-64459, a Django SQL injection vulnerability. It checks for vulnerable Django instances by sending crafted payloads and analyzing responses.

The repository contains a Django-based helpdesk application with models and migrations but lacks exploit code or detailed vulnerability information. The README references a PDF for exploitation details, which is not included.

This repository contains a working PoC for CVE-2025-64459, demonstrating Django ORM filter injection vulnerabilities in both authentication and product listing endpoints. The exploit leverages Django's ORM query parameter injection via `_connector` and `_negated` to bypass authentication and access non-public products.