2022-06-05 21:05:46 +00:00
|
|
|
id: django-secret-key
|
|
|
|
|
|
|
|
|
|
info:
|
2022-06-06 11:52:25 +00:00
|
|
|
name: Django Secret Key Exposure
|
|
|
|
|
author: geeknik,DhiyaneshDk
|
2022-06-05 21:05:46 +00:00
|
|
|
severity: high
|
|
|
|
|
reference: https://docs.gitguardian.com/secrets-detection/detectors/specifics/django_secret_key
|
|
|
|
|
metadata:
|
|
|
|
|
verified: true
|
|
|
|
|
shodan-query: html:settings.py
|
2022-06-06 11:52:25 +00:00
|
|
|
tags: django,exposure
|
2022-06-05 21:05:46 +00:00
|
|
|
|
|
|
|
|
requests:
|
|
|
|
|
- method: GET
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}/settings.py"
|
|
|
|
|
- "{{BaseURL}}/app/settings.py"
|
|
|
|
|
- "{{BaseURL}}/django/settings.py"
|
|
|
|
|
- "{{BaseURL}}/settings/settings.py"
|
|
|
|
|
- "{{BaseURL}}/web/settings/settings.py"
|
|
|
|
|
|
2022-06-06 11:52:25 +00:00
|
|
|
stop-at-first-match: true
|
2022-06-05 21:05:46 +00:00
|
|
|
matchers-condition: and
|
|
|
|
|
matchers:
|
2022-06-06 11:52:25 +00:00
|
|
|
|
2022-06-05 21:05:46 +00:00
|
|
|
- type: word
|
|
|
|
|
part: body
|
|
|
|
|
words:
|
|
|
|
|
- "SECRET_KEY ="
|
2022-06-06 11:52:25 +00:00
|
|
|
|
2022-06-05 21:05:46 +00:00
|
|
|
- type: word
|
|
|
|
|
part: header
|
|
|
|
|
words:
|
|
|
|
|
- "text/html"
|
|
|
|
|
negative: true
|
2022-06-06 11:52:25 +00:00
|
|
|
|
|
|
|
|
- type: status
|
|
|
|
|
status:
|
|
|
|
|
- 200
|
|
|
|
|
|
|
|
|
|
extractors:
|
|
|
|
|
- type: regex
|
|
|
|
|
part: body
|
|
|
|
|
group: 1
|
|
|
|
|
regex:
|
|
|
|
|
- '"DJANGO_SECRET_KEY", "(.*)"'
|
