## https://sploitus.com/exploit?id=9F50AAE5-3EA3-5804-A040-09FE1281C2FB
# CVE-2022-28346
SQL injection in QuerySet.annotate(), aggregate(), and extra()

# Setup:
Run `./setup.sh` for initial setup

Open a shell in the Docker container to initialize the database:
`docker exec -it {container_id} /bin/bash`
Then run the following commands:
```
python manage.py makemigrations cve202228346
python manage.py migrate
```

Start the instances using: 
`docker-compose up`

Now open the following URL to load sample data:

http://localhost:8000/load_example_data

Then go to the vulnerable page at:
http://localhost:8000/users/

Exploit the parameter at:
**todo**
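
On the defensive side, this CVE is injection through column aliases supplied as expanded `**kwargs`, so any view that builds `annotate()`, `aggregate()` or `extra()` keyword arguments from request data should validate the keys before the ORM sees them. The following is an added example, not code from this repository or from Django; the helper names, the `ALLOWED` field set and the sample inputs are assumptions made for illustration.

```python
import re

# Patched Django rejects aliases containing whitespace, quotes, semicolons or
# SQL comment markers; this denylist is this example's own approximation.
FORBIDDEN_ALIAS = re.compile(r"['`\"\]\[;\s]|--|/\*|\*/")
# Stricter application rule (assumption): plain identifiers only.
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")


def is_safe_alias(alias):
    """True only for strings usable as a column alias without quoting tricks."""
    if not isinstance(alias, str) or FORBIDDEN_ALIAS.search(alias):
        return False
    return IDENTIFIER.fullmatch(alias) is not None


def build_annotation_kwargs(params, allowed_fields):
    """Turn request data {alias: field} into kwargs safe to expand into annotate().

    Raises ValueError instead of silently dropping bad input, so the view can
    answer 400 and the rejection can be logged.
    """
    kwargs = {}
    for alias, field in params.items():
        if not is_safe_alias(alias):
            raise ValueError(f"rejected column alias: {alias!r}")
        if field not in allowed_fields:
            raise ValueError(f"field not in allowlist: {field!r}")
        if alias in allowed_fields:
            raise ValueError(f"alias shadows a model field: {alias!r}")
        kwargs[alias] = field
    return kwargs


if __name__ == "__main__":
    ALLOWED = {"username", "email"}  # hypothetical model fields
    # Constructed inputs: one well-formed, three malformed aliases.
    for sample in ({"login": "username"}, {'a" b': "email"},
                   {"x--": "email"}, {"1st": "email"}):
        try:
            # In a view: User.objects.annotate(**{a: F(f) for a, f in kw.items()})
            print("ok", build_annotation_kwargs(sample, ALLOWED))
        except ValueError as exc:
            print("blocked:", exc)
```

Upgrading Django to a release that contains the fix remains the primary mitigation; the allowlist above is defence in depth for code that accepts alias names from clients.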