63 lines
2.0 KiB
YAML
63 lines
2.0 KiB
YAML
id: django-secret-key
|
|
|
|
info:
|
|
name: Django Secret Key Exposure
|
|
author: geeknik,DhiyaneshDk
|
|
severity: high
|
|
description: |
|
|
The Django settings.py file containing a secret key was discovered. An attacker may use the secret key to bypass many security mechanisms and potentially obtain other sensitive configuration information (such as database password) from the settings file.
|
|
reference: https://docs.gitguardian.com/secrets-detection/detectors/specifics/django_secret_key
|
|
metadata:
|
|
verified: true
|
|
max-request: 7
|
|
shodan-query: html:settings.py
|
|
comments: 'This template downloads the manage.py file to check whether it contains line such as: `os.environ.setdefault("DJANGO_SETTINGS_MODULE", "APP_NAME.settings")` if it does, we extract the APP_NAME to know in what folder to look for the settings.py file.'
|
|
tags: django,exposure,files
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/manage.py"
|
|
- "{{BaseURL}}/settings.py"
|
|
- "{{BaseURL}}/app/settings.py"
|
|
- "{{BaseURL}}/django/settings.py"
|
|
- "{{BaseURL}}/settings/settings.py"
|
|
- "{{BaseURL}}/web/settings/settings.py"
|
|
- "{{BaseURL}}/{{app_name}}/settings.py"
|
|
|
|
stop-at-first-match: true
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "SECRET_KEY ="
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "text/html"
|
|
negative: true
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
extractors:
|
|
- type: regex
|
|
part: body
|
|
group: 1
|
|
regex:
|
|
- '"DJANGO_SECRET_KEY", "(.*)"'
|
|
|
|
- type: regex
|
|
part: body
|
|
internal: true
|
|
name: app_name
|
|
group: 1
|
|
regex:
|
|
- "os.environ.setdefault\\([\"']DJANGO_SETTINGS_MODULE[\"'],\\s[\"']([a-zA-Z-_0-9]*).settings[\"']\\)"
|
|
|
|
# digest: 4a0a00473045022100b9f99aa21141aff5a2e32d9d17a38a880455bee51e9d5cb86222bbadac6086b402203b18b6d4563233114ccc027031dd1a9e01f8d491147509d60836f496edee6d8b:922c64590222798bb761d5b6d8e72950
|