first commit

django/CVE-2022-34265/web/app.py

@@ -0,0 +1,46 @@
+import os
+import sys
+
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", __name__)
+BASE_DIR = os.path.dirname(os.path.abspath(__file__))
+DEBUG = True
+SECRET_KEY = 'vulhub'
+ALLOWED_HOSTS = ['*']
+MIDDLEWARE = [
+    'django.middleware.common.CommonMiddleware',
+]
+
+ROOT_URLCONF = 'vuln.urls'
+LOGGING = {
+    'version': 1,
+    'disable_existing_loggers': False,
+    'handlers': {
+        'console': {
+            'class': 'logging.StreamHandler',
+        },
+    },
+    'loggers': {
+        'django': {
+            'handlers': ['console'],
+            'level': os.getenv('DJANGO_LOG_LEVEL', 'WARNING'),
+        },
+    },
+}
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.postgresql',
+        'NAME': 'CVE_2022_34265',
+        'USER': 'postgres',
+        'PASSWORD': 'postgres',
+        'HOST': 'db',
+        'PORT': '5432',
+    }
+}
+INSTALLED_APPS = [
+    'vuln'
+]
+
+
+from django.core.management import execute_from_command_line
+execute_from_command_line(sys.argv)

django/CVE-2022-34265/web/vuln/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class VulnConfig(AppConfig):
+    name = 'vuln'
+    default_auto_field = 'django.db.models.BigAutoField'

django/CVE-2022-34265/web/vuln/migrations/0001_initial.py

@@ -0,0 +1,24 @@
+# Generated by Django 4.0.6 on 2022-07-13 22:50
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='WebLog',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('method', models.CharField(max_length=16)),
+                ('url', models.CharField(max_length=256)),
+                ('user_agent', models.CharField(max_length=256)),
+                ('created_time', models.DateTimeField(auto_now_add=True)),
+            ],
+        ),
+    ]

django/CVE-2022-34265/web/vuln/models.py

@@ -0,0 +1,9 @@
+from operator import mod
+from django.db import models
+
+
+class WebLog(models.Model):
+    method = models.CharField(max_length=16)
+    url = models.CharField(max_length=256)
+    user_agent = models.CharField(max_length=256)
+    created_time = models.DateTimeField(auto_now_add=True)

django/CVE-2022-34265/web/vuln/urls.py

@@ -0,0 +1,7 @@
+from django.urls import include, path, re_path
+from . import views
+
+
+urlpatterns = [
+    path('', views.vul),
+]

django/CVE-2022-34265/web/vuln/views.py

@@ -0,0 +1,22 @@
+from django.http import HttpResponse, JsonResponse
+from django.db.models.functions import Trunc
+from django.db.models import Count
+from .models import WebLog
+
+
+def create_log(request):
+    method = request.method
+    url = request.build_absolute_uri()
+    user_agent = request.META.get('HTTP_USER_AGENT')
+    WebLog.objects.create(
+        method=method,
+        url=url,
+        user_agent=user_agent
+    )
+
+
+def vul(request):
+    create_log(request)
+    date = request.GET.get('date', 'minute')
+    objects = list(WebLog.objects.annotate(time=Trunc('created_time', date)).values('time').order_by('-time').annotate(count=Count('id')))
+    return JsonResponse(data=objects, safe=False)