django_cve_2019_19844_poc

PoC for CVE-2019-19844

Requirements

Python 3.7.x
PostgreSQL 9.5 or higher

Setup

Create database(e.g. django_cve_2019_19844_poc)
Set the database name to the environment variable DJANGO_DATABASE_NAME(e.g. export DJANGO_DATABASE_NAME=django_cve_2019_19844_poc)
Run pip install -r requirements.txt && ./manage.py migrate --noinput
Create the following user with shell command:

>>> from django.contrib.auth import get_user_model
>>> User = get_user_model()
>>> User.objects.create_user('mike123', '[email protected]', 'test123')

Procedure For Reproducing

Run ./manage.py runserver
Open http://127.0.0.1:8000/accounts/password-reset/
Input mı[email protected] (Attacker's email), and click send button
Receive email (Check console), and reset password
Login as mike123 user

Name		Name	Last commit message	Last commit date
Latest commit History 19 Commits
.github/workflows		.github/workflows
accounts		accounts
django_cve_2019_19844_poc		django_cve_2019_19844_poc
images		images
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
manage.py		manage.py
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

django_cve_2019_19844_poc

Requirements

Setup

Procedure For Reproducing

About

Uh oh!

Releases

Packages

Uh oh!

Languages

License

ryu22e/django_cve_2019_19844_poc

Folders and files

Latest commit

History

Repository files navigation

django_cve_2019_19844_poc

Requirements

Setup

Procedure For Reproducing

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages