I recently stumbled upon this SQL injection/arbitrary write/Redis injection to RCE attack vector in Django that maintainers won't fix and felt it was important to include here. It can be used in an exploit chain to escalate to full RCE. Since there wasn't a pre-existing article for Django exploitation, I went ahead and created one. Most other pages already have advertisements and such on them, I didn't know what to add there so feel free to go ahead and add that/change what you need.
carlospolop
commented
3 months ago
I recently stumbled upon this SQL injection/arbitrary write/Redis injection to RCE attack vector in Django that maintainers won't fix and felt it was important to include here. It can be used in an exploit chain to escalate to full RCE. Since there wasn't a pre-existing article for Django exploitation, I went ahead and created one. Most other pages already have advertisements and such on them, I didn't know what to add there so feel free to go ahead and add that/change what you need.