nuclei-templates/http/exposures/configs/django-variables-exposed.yaml

id: django-variables-exposed

info:
  name: Django Config - Detect
  author: nobody
  severity: info
  description: Django configuration information was detected, which could reveal web application framework exceptions that could indicate exploitation attempts.
  reference:
    - https://docs.djangoproject.com/en/1.11/ref/exceptions/
    - https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
    - https://github.com/projectdiscovery/nuclei-templates/blob/master/file/logs/django-framework-
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 1
  tags: exposure,config,django

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'seeing this error because you have <code>DEBUG = True</code>'
          - 'SuspiciousOperation'
          - 'DisallowedHost'
          - 'DisallowedModelAdminLookup'
          - 'DisallowedModelAdminToField'
          - 'DisallowedRedirect'
          - 'InvalidSessionKey'
          - 'RequestDataTooBig'
          - 'SuspiciousFileOperation'
          - 'SuspiciousMultipartForm'
          - 'SuspiciousSession'
          - 'TooManyFieldsSent'
          - 'PermissionDenied'
        condition: or

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 400
          - 500
# digest: 4a0a00473045022100f67dd14e356fef79d9b80e6c9036835e73695659b834b166d39b5832d8d8677b02201fd1315aae896bd498f008b7a534809cbd5510094e9199d6e04fd4a3d46f9add:922c64590222798bb761d5b6d8e72950
Update and rename exposed-django-variable.yaml to django-variables-exposed.yaml 2022-08-25 06:22:48 +00:00			`id: django-variables-exposed`
add django variables exposure template 2022-08-12 04:47:07 +00:00
			`info:`
Enhancement: exposures/configs/django-variables-exposed.yaml by mp 2023-02-05 17:42:16 +00:00			`name: Django Config - Detect`
add django variables exposure template 2022-08-12 04:47:07 +00:00			`author: nobody`
Update and rename exposed-django-variable.yaml to django-variables-exposed.yaml 2022-08-25 06:22:48 +00:00			`severity: info`
Enhancement: exposures/configs/django-variables-exposed.yaml by mp 2023-02-05 21:45:20 +00:00			`description: Django configuration information was detected, which could reveal web application framework exceptions that could indicate exploitation attempts.`
add django variables exposure template 2022-08-12 04:47:07 +00:00			`reference:`
Minor improvements 2022-08-20 08:29:01 +00:00			`- https://docs.djangoproject.com/en/1.11/ref/exceptions/`
			`- https://docs.djangoproject.com/en/1.11/topics/logging/#django-security`
Enhancement: exposures/configs/django-variables-exposed.yaml by mp 2023-02-05 17:42:16 +00:00			`- https://github.com/projectdiscovery/nuclei-templates/blob/master/file/logs/django-framework-`
			`classification:`
Match severity with CVSS 2023-03-03 15:27:54 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N`
templateman update 2023-10-14 11:27:55 +00:00			`cvss-score: 0`
Match severity with CVSS 2023-03-03 15:27:54 +00:00			`cwe-id: CWE-200`
Update and rename django-framework-exceptions-http.yaml to exposed-django-variable.yaml 2022-08-21 11:55:03 +00:00			`metadata:`
			`verified: true`
templateman update 2023-10-14 11:27:55 +00:00			`max-request: 1`
Update and rename exposed-django-variable.yaml to django-variables-exposed.yaml 2022-08-25 06:22:48 +00:00			`tags: exposure,config,django`
add django variables exposure template 2022-08-12 04:47:07 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
add django variables exposure template 2022-08-12 04:47:07 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- 'seeing this error because you have <code>DEBUG = True</code>'`
			`- 'SuspiciousOperation'`
			`- 'DisallowedHost'`
			`- 'DisallowedModelAdminLookup'`
			`- 'DisallowedModelAdminToField'`
			`- 'DisallowedRedirect'`
			`- 'InvalidSessionKey'`
			`- 'RequestDataTooBig'`
			`- 'SuspiciousFileOperation'`
			`- 'SuspiciousMultipartForm'`
			`- 'SuspiciousSession'`
			`- 'TooManyFieldsSent'`
			`- 'PermissionDenied'`
Update exposed-django-variable.yaml 2022-08-21 11:57:55 +00:00			`condition: or`
add django variables exposure template 2022-08-12 04:47:07 +00:00
			`- type: word`
			`part: header`
			`words:`
			`- "text/html"`
Update and rename django-framework-exceptions-http.yaml to exposed-django-variable.yaml 2022-08-21 11:55:03 +00:00
			`- type: status`
			`status:`
			`- 400`
Fix FN django-variables-exposed.yaml 2024-06-02 06:37:16 +00:00			`- 500`
Auto Template Signing [Sun Jun 2 16:37:05 UTC 2024] :robot: 2024-06-02 16:37:05 +00:00			`# digest: 4a0a00473045022100f67dd14e356fef79d9b80e6c9036835e73695659b834b166d39b5832d8d8677b02201fd1315aae896bd498f008b7a534809cbd5510094e9199d6e04fd4a3d46f9add:922c64590222798bb761d5b6d8e72950`