Django Config - Detect
ID: django-variables-exposed
Severity: info
Author: nobody
Tags: exposure,config,django
Description
Section titled “Description”Django configuration information was detected, which could reveal web application framework exceptions that could indicate exploitation attempts.
YAML Source
Section titled “YAML Source”id: django-variables-exposed
info: name: Django Config - Detect author: nobody severity: info description: Django configuration information was detected, which could reveal web application framework exceptions that could indicate exploitation attempts. reference: - https://docs.djangoproject.com/en/1.11/ref/exceptions/ - https://docs.djangoproject.com/en/1.11/topics/logging/#django-security - https://github.com/projectdiscovery/nuclei-templates/blob/master/file/logs/django-framework- classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0 cwe-id: CWE-200 metadata: verified: true max-request: 1 tags: exposure,config,django
http: - method: GET path: - "{{BaseURL}}"
matchers-condition: and matchers: - type: word words: - 'seeing this error because you have <code>DEBUG = True</code>' - 'SuspiciousOperation' - 'DisallowedHost' - 'DisallowedModelAdminLookup' - 'DisallowedModelAdminToField' - 'DisallowedRedirect' - 'InvalidSessionKey' - 'RequestDataTooBig' - 'SuspiciousFileOperation' - 'SuspiciousMultipartForm' - 'SuspiciousSession' - 'TooManyFieldsSent' - 'PermissionDenied' condition: or
- type: word part: header words: - "text/html"
- type: status status: - 400 - 500# digest: 4a0a00473045022100bcfde7c307ebcee34956d5d43db53b8758ea1d3a333e9b11e4d75652d6ac72d30220648ff4a0de2870fd301ed261febb5cc199f9cf50f7e7ffe3ac337e47dee7c427:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/exposures/configs/django-variables-exposed.yaml"