漏洞描述
Django 站点在生产环境中保留了 DEBUG = True,调试错误页面会向未认证的访问者暴露 URL 路由等内部信息;修复方式是在生产配置中设置 DEBUG = False。
FOFA: body="because you have <code>DEBUG = True</code>"
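# Detection template: flags a Django site that serves its debug-mode error
# page to an unauthenticated client.
# The nesting below is restored from a flattened copy. As pasted, the block
# scalars had no indented content and `expression` appeared twice at the same
# level, so the document could not be loaded as intended.
id: django-debug-enabled

info:
  name: Django Debug mode enabled
  author: zan8in
  # Rated informational by the author. Triage on what the debug page actually
  # discloses for the affected site.
  severity: info
  verified: true
  # NOTE(review): this field holds the asset-search query, not a description
  # of the finding or its remediation (set DEBUG = False in production).
  description: |
    FOFA: body="because you have <code>DEBUG = True</code>"
  tags: django,debug,debug-enabled
  created: 2023/08/09

rules:
  r0:
    request:
      method: GET
      path: /
      # Evaluate the final response after any redirect from the site root.
      follow_redirects: true
    # All three byte strings must be present. They are fragments of the hint
    # Django prints on its debug error page ("... because you have
    # DEBUG = True in your Django settings file. Change that to False ...").
    # Requiring all three reduces matches on pages that merely quote one.
    # Caveat: only `/` is requested. A site that routes `/` to a normal view
    # never shows this page there, so a non-match does not prove DEBUG is off.
    expression: |
      response.body.bcontains(b'<code>DEBUG = True</code>') &&
      response.body.bcontains(b'<code>False</code>') &&
      response.body.bcontains(b'your Django settings file')

# The template reports a finding when rule r0 matches.
expression: r0()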