id: django-variables-exposed info: name: Django Config - Detect author: nobody severity: info description: Django configuration information was detected, which could reveal web application framework exceptions that could indicate exploitation attempts. reference: - https://docs.djangoproject.com/en/1.11/ref/exceptions/ - https://docs.djangoproject.com/en/1.11/topics/logging/#django-security - https://github.com/projectdiscovery/nuclei-templates/blob/master/file/logs/django-framework- classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0 cwe-id: CWE-200 metadata: verified: true max-request: 1 tags: exposure,config,django http: - method: GET path: - "{{BaseURL}}" matchers-condition: and matchers: - type: word words: - 'seeing this error because you have DEBUG = True' - 'SuspiciousOperation' - 'DisallowedHost' - 'DisallowedModelAdminLookup' - 'DisallowedModelAdminToField' - 'DisallowedRedirect' - 'InvalidSessionKey' - 'RequestDataTooBig' - 'SuspiciousFileOperation' - 'SuspiciousMultipartForm' - 'SuspiciousSession' - 'TooManyFieldsSent' - 'PermissionDenied' condition: or - type: word part: header words: - "text/html" - type: status status: - 400 - 500 # digest: 4a0a00473045022100f67dd14e356fef79d9b80e6c9036835e73695659b834b166d39b5832d8d8677b02201fd1315aae896bd498f008b7a534809cbd5510094e9199d6e04fd4a3d46f9add:922c64590222798bb761d5b6d8e72950