id: django-variables-exposed

info:
  name: Django Config - Detect
  author: nobody
  severity: info
  description: Django configuration was detected, which could reveal web application framework exceptions that could indicate exploitation attempts.
  reference:
    - https://docs.djangoproject.com/en/1.11/ref/exceptions/
    - https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
    - https://github.com/projectdiscovery/nuclei-templates/blob/master/file/logs/django-framework-
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200exceptions.yaml
  metadata:
    verified: true
  tags: exposure,config,django

requests:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'seeing this error because you have <code>DEBUG = True</code>'
          - 'SuspiciousOperation'
          - 'DisallowedHost'
          - 'DisallowedModelAdminLookup'
          - 'DisallowedModelAdminToField'
          - 'DisallowedRedirect'
          - 'InvalidSessionKey'
          - 'RequestDataTooBig'
          - 'SuspiciousFileOperation'
          - 'SuspiciousMultipartForm'
          - 'SuspiciousSession'
          - 'TooManyFieldsSent'
          - 'PermissionDenied'
        condition: or

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 400

# Enhanced by mp on 2023/02/05