first commit

django/CVE-2018-14574/Dockerfile

@@ -0,0 +1,10 @@
+FROM python:3.7-alpine
+
+LABEL maintainer="phithon <root@leavesongs.com>"
+
+RUN pip install -U pip \
+    && pip install django==2.0.7
+
+WORKDIR /usr/src
+
+CMD ["python", "app.py", "runserver", "0.0.0.0:8000"]

django/CVE-2018-14574/README.md

@@ -0,0 +1,37 @@
+# Django < 2.0.8 Open Redirect in CommonMiddleware (CVE-2018-14574)
+
+[中文版本(Chinese version)](README.zh-cn.md)
+
+Django is a high-level Python web framework that encourages rapid development and clean, pragmatic design.
+
+Django versions before 2.0.8 and 1.11.15 contain an open redirect vulnerability in CommonMiddleware when both `django.middleware.common.CommonMiddleware` and the `APPEND_SLASH` setting are enabled. If the project has a URL pattern that accepts any path ending in a slash, a maliciously crafted URL could lead to a redirect to an arbitrary external site, enabling phishing and other attacks.
+
+References:
+
+- <https://www.djangoproject.com/weblog/2018/aug/01/security-releases/>
+- <https://nvd.nist.gov/vuln/detail/CVE-2018-14574>
+
+## Environment Setup
+
+Execute the following command to start a vulnerable Django 2.0.7 server:
+
+```
+docker compose build
+docker compose up -d
+```
+
+After the server is started, you can access the Django home page at `http://your-ip:8000`.
+
+## Vulnerability Reproduction
+
+Visit the following URL to trigger the open redirect vulnerability:
+
+```
+http://your-ip:8000//www.example.com
+```
+
+The server will redirect you to `//www.example.com/`, which the browser interprets as an absolute URL, effectively redirecting to an external site:
+
+![](1.png)
+
+This vulnerability can be exploited by attackers to redirect users to malicious websites, potentially leading to phishing attacks or other security issues.

django/CVE-2018-14574/README.zh-cn.md

@@ -0,0 +1,35 @@
+# Django < 2.0.8 CommonMiddleware任意URL跳转漏洞（CVE-2018-14574）
+
+Django是一个高级的Python Web框架，支持快速开发和简洁实用的设计。
+
+Django 2.0.8和1.11.15版本之前存在一个任意URL跳转漏洞，当同时启用`django.middleware.common.CommonMiddleware`中间件和`APPEND_SLASH`设置时，如果项目中存在接受以斜杠结尾的任意路径的URL模式，攻击者可以构造恶意URL导致重定向到任意外部网站，从而可能导致钓鱼等攻击。
+
+参考链接：
+
+- https://www.djangoproject.com/weblog/2018/jul/18/security-releases/
+- https://nvd.nist.gov/vuln/detail/CVE-2018-14574
+
+## 环境搭建
+
+执行如下命令启动一个存在漏洞的Django 2.0.7服务器：
+
+```
+docker compose build
+docker compose up -d
+```
+
+环境启动后，访问`http://your-ip:8000`即可看到Django默认首页。
+
+## 漏洞复现
+
+访问以下URL触发任意URL跳转漏洞：
+
+```
+http://your-ip:8000//www.example.com
+```
+
+服务器将重定向到`//www.example.com/`，浏览器会将其解释为绝对URL，从而实现对外部站点的重定向：
+
+![](1.png)
+
+攻击者可以利用此漏洞将用户重定向到恶意网站，可能导致钓鱼攻击或其他安全问题。

django/CVE-2018-14574/app.py

@@ -0,0 +1,48 @@
+import os
+import sys
+from django.urls import include, path, re_path
+from django.http import HttpResponse
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", __name__)
+BASE_DIR = os.path.dirname(os.path.abspath(__file__))
+DEBUG = False
+SECRET_KEY = 'vulhub'
+
+ALLOWED_HOSTS = ['*']
+MIDDLEWARE = [
+    'django.middleware.common.CommonMiddleware',
+]
+
+ROOT_URLCONF = __name__
+TEMPLATES = [{
+    'BACKEND': 'django.template.backends.django.DjangoTemplates',
+    'DIRS': [os.path.join(BASE_DIR, 'templates')]
+}]
+LOGGING = {
+    'version': 1,
+    'disable_existing_loggers': False,
+    'handlers': {
+        'console': {
+            'class': 'logging.StreamHandler',
+        },
+    },
+    'loggers': {
+        'django': {
+            'handlers': ['console'],
+            'level': os.getenv('DJANGO_LOG_LEVEL', 'WARNING'),
+        },
+    },
+}
+
+
+def home(request, path=None):
+    return HttpResponse('Hello, world.')
+
+
+urlpatterns = [
+    path('', home),
+    re_path(r'^(.*)/$', home),
+]
+
+from django.core.management import execute_from_command_line
+execute_from_command_line(sys.argv)

django/CVE-2018-14574/docker-compose.yml

@@ -0,0 +1,8 @@
+version: '2'
+services:
+ web:
+   build: .
+   ports:
+    - "8000:8000"
+   volumes:
+    - ./app.py:/usr/src/app.py