nuclei-templates/http/exposures/files/django-secret-key.yaml

59 lines
1.8 KiB
YAML
Raw Normal View History

2022-06-05 21:05:46 +00:00
id: django-secret-key
info:
2022-06-06 11:52:25 +00:00
name: Django Secret Key Exposure
author: geeknik,DhiyaneshDk
2022-06-05 21:05:46 +00:00
severity: high
description: The Django settings.py file containing a secret key was discovered. An attacker may use the secret key to bypass many security mechanisms and potentially obtain other sensitive configuration information (such as database password) from the settings file.
2022-06-05 21:05:46 +00:00
reference: https://docs.gitguardian.com/secrets-detection/detectors/specifics/django_secret_key
metadata:
2023-11-07 15:12:40 +00:00
max-request: 7
2022-06-05 21:05:46 +00:00
verified: true
shodan-query: html:settings.py
2023-11-07 15:12:40 +00:00
comments: 'We download the manage.py file to check whether it contains line such as: `os.environ.setdefault("DJANGO_SETTINGS_MODULE", "APP_NAME.settings")` if it does, we extract the APP_NAME to know in what folder to look for the settings.py file.'
2022-10-13 10:12:07 +00:00
tags: django,exposure,files
2022-06-05 21:05:46 +00:00
http:
2022-06-05 21:05:46 +00:00
- method: GET
path:
- "{{BaseURL}}/manage.py"
2022-06-05 21:05:46 +00:00
- "{{BaseURL}}/settings.py"
- "{{BaseURL}}/app/settings.py"
- "{{BaseURL}}/django/settings.py"
- "{{BaseURL}}/settings/settings.py"
- "{{BaseURL}}/web/settings/settings.py"
- "{{BaseURL}}/{{app_name}}/settings.py"
2022-06-05 21:05:46 +00:00
stop-at-first-match: true
2022-06-05 21:05:46 +00:00
matchers-condition: and
matchers:
- type: word
part: body
words:
- "SECRET_KEY ="
2022-06-06 11:52:25 +00:00
2022-06-05 21:05:46 +00:00
- type: word
part: header
words:
- "text/html"
negative: true
2022-06-06 11:52:25 +00:00
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '"DJANGO_SECRET_KEY", "(.*)"'
2023-11-07 15:12:40 +00:00
- type: regex
part: body
internal: true
name: app_name
group: 1
regex:
- "os.environ.setdefault\\([\"']DJANGO_SETTINGS_MODULE[\"'],\\s[\"']([a-zA-Z-_0-9]*).settings[\"']\\)"