
CVE-2021-35042 Scanner

CVE-2021-35042 Scanner - SQL Injection vulnerability in Django

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 19 hours
Scan only one: Domain, Subdomain, IPv4


Django is a high-level Python web framework that encourages rapid development and clean, pragmatic design. Developers use it to build web applications quickly and efficiently. Known as "the web framework for perfectionists with deadlines," Django provides a host of features that make it easier to create secure and scalable web apps. Developers in sectors as diverse as technology, education, finance, and government rely on Django for everything from small sites to large-scale projects. Among its offerings are modularity, authentication mechanisms, and an ORM that handles database interactions. Backed by a sizable community, Django evolves continuously through regular updates and feature additions.

The vulnerability in question resides in Django's QuerySet.order_by method, which is susceptible to SQL injection. It stems from improper handling of untrusted input, which lets an attacker inject and execute arbitrary SQL commands. The exploitable vector appears when an application passes a client-controlled order_by value straight into the query. This oversight gives malicious users the ability to run unauthorized database commands, so exploitation can lead to unauthorized data access, modification, and even deletion.

Technically, the fault lies in the handling within Django's QuerySet.order_by implementation: when it receives unfiltered, user-controlled input, the function becomes an injection point. The vulnerability is triggered through the 'order_by' parameter of an HTTP request; an affected application answers with a 500 status code and database error text such as "ProgrammingError" and "ORDER BY." An attacker can use this behaviour to determine the database type and then execute arbitrary SQL, manipulating database tables or querying data they are not authorized to see. Proper validation of user input before it reaches order_by is crucial to mitigating this threat.
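As an added illustration of the mitigation just described (example code, not part of this page or of Django itself), the following Python allowlist validator shows one way to turn a client-supplied order_by value into a tuple that is safe to hand to QuerySet.order_by(). The field names, the Article model and the view sketched in the comments are assumptions; the validator itself runs without Django installed.

```python
import re

# Assumed allowlist: the only fields this (hypothetical) view is willing to sort by.
# "author__name" uses Django's double-underscore lookup separator for a related field.
ALLOWED_ORDER_FIELDS = frozenset({"id", "created", "title", "author__name"})

# A valid token is an optional leading "-" (descending) followed by identifiers
# joined with "__".  Dots, quotes, parentheses, whitespace and semicolons never
# match, so they are refused outright rather than "cleaned".
_ORDER_TOKEN = re.compile(r"^-?[A-Za-z_][A-Za-z0-9_]*(?:__[A-Za-z_][A-Za-z0-9_]*)*$")


def safe_ordering(raw, allowed=ALLOWED_ORDER_FIELDS, default=("id",)):
    """Validate a comma-separated ?order_by=... value against an allowlist.

    Returns a tuple of ordering tokens suitable for QuerySet.order_by(*tokens),
    or `default` when the parameter is absent or blank.  Raises ValueError on
    any token that is malformed or names a field outside the allowlist, so the
    caller can answer 400 instead of letting the value reach the database.
    """
    if raw is None or not raw.strip():
        return tuple(default)
    ordering = []
    for token in raw.split(","):
        token = token.strip()
        if not _ORDER_TOKEN.match(token):
            raise ValueError(f"malformed ordering token: {token!r}")
        field = token[1:] if token.startswith("-") else token
        if field not in allowed:
            raise ValueError(f"field not allowed for ordering: {field!r}")
        ordering.append(token)
    return tuple(ordering)


# In a Django view (hypothetical model and view; Django is deliberately not
# imported here so the example runs stand-alone):
#
#     def article_list(request):
#         try:
#             ordering = safe_ordering(request.GET.get("order_by"))
#         except ValueError:
#             return HttpResponseBadRequest("invalid order_by")
#         qs = Article.objects.order_by(*ordering)   # only allow-listed tokens reach the ORM
#         ...
#
# The vulnerable pattern this replaces is the unchecked form:
#     Article.objects.order_by(request.GET.get("order_by"))

if __name__ == "__main__":
    print(safe_ordering("title,-created"))  # ('title', '-created')
```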

If exploited, this SQL injection can have dire consequences. Attackers may gain unauthorized access to sensitive data or act with escalated privileges. Modification or deletion of critical tables can cause information disclosure, financial loss, or operational disruption. Because the attacker controls the input, the flaw can also be used to write, delete, or corrupt database contents wholesale, potentially leading to complete compromise of the system.
