aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
vulhub/django/CVE-2018-14574/README.zh-cn.md
Aaron 63285f61aa
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details
first commit
2025-09-06 16:08:15 +08:00

36 lines
1.2 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Django < 2.0.8 CommonMiddleware任意URL跳转漏洞CVE-2018-14574
Django是一个高级的Python Web框架支持快速开发和简洁实用的设计。
Django 2.0.8和1.11.15版本之前存在一个任意URL跳转漏洞当同时启用`django.middleware.common.CommonMiddleware`中间件和`APPEND_SLASH`设置时如果项目中存在接受以斜杠结尾的任意路径的URL模式攻击者可以构造恶意URL导致重定向到任意外部网站从而可能导致钓鱼等攻击。
参考链接:
- https://www.djangoproject.com/weblog/2018/jul/18/security-releases/
- https://nvd.nist.gov/vuln/detail/CVE-2018-14574
## 环境搭建
执行如下命令启动一个存在漏洞的Django 2.0.7服务器:
```
docker compose build
docker compose up -d
```
环境启动后,访问`http://your-ip:8000`即可看到Django默认首页。
## 漏洞复现
访问以下URL触发任意URL跳转漏洞
```
http://your-ip:8000//www.example.com
```
服务器将重定向到`//www.example.com/`浏览器会将其解释为绝对URL从而实现对外部站点的重定向
![](1.png)
攻击者可以利用此漏洞将用户重定向到恶意网站,可能导致钓鱼攻击或其他安全问题。
Reference in New Issue View Git Blame Copy Permalink