Update django-secret-key.yaml

patch-1
Prince Chaddha 2022-06-06 17:22:25 +05:30 committed by GitHub
parent ceaa145f58
commit 24678f6217
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 6 deletions


@ -1,14 +1,14 @@
id: django-secret-key id: django-secret-key
info: info:
name: Django Secret Key name: Django Secret Key Exposure
author: geeknik, DhiyaneshDk author: geeknik,DhiyaneshDk
severity: high severity: high
reference: https://docs.gitguardian.com/secrets-detection/detectors/specifics/django_secret_key reference: https://docs.gitguardian.com/secrets-detection/detectors/specifics/django_secret_key
tags: django,exposure
metadata: metadata:
verified: true verified: true
shodan-query: html:settings.py shodan-query: html:settings.py
tags: django,exposure
requests: requests:
- method: GET - method: GET
@ -19,17 +19,28 @@ requests:
- "{{BaseURL}}/settings/settings.py" - "{{BaseURL}}/settings/settings.py"
- "{{BaseURL}}/web/settings/settings.py" - "{{BaseURL}}/web/settings/settings.py"
stop-at-first-match: true
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status
status:
- 200
- type: word - type: word
part: body part: body
words: words:
- "SECRET_KEY =" - "SECRET_KEY ="
- type: word - type: word
part: header part: header
words: words:
- "text/html" - "text/html"
negative: true negative: true
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '"DJANGO_SECRET_KEY", "(.*)"'
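Review bot: The extractor regex on the last line, `'"DJANGO_SECRET_KEY", "(.*)"'`, only fires when settings.py contains a double-quoted `"DJANGO_SECRET_KEY", "<value>"` pair, while the body matcher fires on any `SECRET_KEY =`. A file that assigns the key directly (`SECRET_KEY = '...'`) is therefore reported with nothing extracted. The greedy `(.*)` also runs to the last double quote on the line, so any trailing quoted text ends up in the captured value; `- '"DJANGO_SECRET_KEY",\s*"([^"]+)"'` stops at the closing quote, and a second pattern for the direct-assignment form would bring the extractor in line with the matcher. Because group 1 is the signing key itself and lands in the scan output, a template comment noting that results must be stored as secret material would help whoever consumes the reports.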