Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
"Django Debug Exposure" is a module designed to detect misconfigurations in Django web applications. It targets the Django framework, which is a popular Python web framework used for building web applications. This module focuses on identifying potential vulnerabilities related to debug mode settings in Django applications. The severity of this module is classified as high, indicating the potential impact of the detected misconfigurations.
Author: geeknik
Reference: https://twitter.com/Alra3ees/status/1397660633928286208
The "Django Debug Exposure" module helps identify misconfigurations in Django applications that have debug mode enabled. Debug mode is a development feature that provides detailed error messages and debugging information. However, enabling debug mode in a production environment can expose sensitive information, such as database credentials and other configuration settings. This module aims to detect such misconfigurations to prevent potential security breaches and unauthorized access to sensitive data.
The "Django Debug Exposure" module works by sending HTTP requests to specific endpoints in the target Django application. It then applies matching conditions to analyze the responses and identify potential misconfigurations. One example of an HTTP request sent by this module is a POST request to the "/admin/login/?next=/admin/" path.
The module applies the following matching conditions:
- Status: The response status code should be 500. - Body: The response body should contain specific keywords, such as "DB_HOST," "DB_NAME," "DJANGO," and "ADMIN_PASSWORD."If both matching conditions are met, the module reports a potential vulnerability related to debug mode misconfiguration in the Django application.