id: django-variables-exposed info: name: Django Config - Detect author: nobody severity: info description: Django configuration information was detected, which could reveal web application framework exceptions that could indicate exploitation attempts. reference: - https://docs.djangoproject.com/en/1.11/ref/exceptions/ - https://docs.djangoproject.com/en/1.11/topics/logging/#django-security - https://github.com/projectdiscovery/nuclei-templates/blob/master/file/logs/django-framework- classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 cwe-id: CWE-200 metadata: verified: true tags: exposure,config,django requests: - method: GET path: - "{{BaseURL}}" matchers-condition: and matchers: - type: word words: - 'seeing this error because you have DEBUG = True' - 'SuspiciousOperation' - 'DisallowedHost' - 'DisallowedModelAdminLookup' - 'DisallowedModelAdminToField' - 'DisallowedRedirect' - 'InvalidSessionKey' - 'RequestDataTooBig' - 'SuspiciousFileOperation' - 'SuspiciousMultipartForm' - 'SuspiciousSession' - 'TooManyFieldsSent' - 'PermissionDenied' condition: or - type: word part: header words: - "text/html" - type: status status: - 400 # Enhanced by mp on 2023/02/05