Mail.ru: Django DEBUG=True leaks admin email addresses and several pieces of system information
News category: Security vulnerabilities
Source: vulners.com
Domain, site, application: weblate.ucs.ru

Steps to reproduce

To obtain all URL patterns:
1. Open https://weblate.ucs.ru/
2. Append any random string after the trailing slash.
3. The resulting 404 page lists every URL pattern of the site.

To obtain the full debug information:
1. Open https://weblate.ucs.ru
2. Go to https://weblate.ucs.ru/widgets/platformx/-/svg-badge.svg
3. The server responds with Django's technical error page, which contains all the details listed under Impact.

Recommended fix
Set DEBUG to False; it is currently True.

Reference
https://www.troyhunt.com/graphic-demonstration-of-information/

Impact
An attacker can obtain information such as:
- the exact Django and Python versions;
- the database type, database user name and current database name;
- details of the Django project configuration;
- internal file paths;
- the admin email address;
- the source code around the exception, together with local variables and their values;
- every URL of the web application.

This information helps an attacker profile the target and focus the development of further attacks against it...
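As an added example (not part of the report and not Weblate's or Mail.ru's code), the Python below places the weak setting the report describes beside the hardened one, adds a pre-deploy check in the spirit of Django's own `manage.py check --deploy` (which reports DEBUG=True as security.W018), and includes a classifier that recognises Django's technical 404/500 pages from their body text, which is what a scanner or detection rule needs in order to find this class of leak across many hosts. The environment variable names, the URLconf name `myproject.urls`, the version strings and the sample HTML bodies are all constructed for the example; the marker phrases come from Django's technical debug templates and should be checked against the Django release actually deployed.

```python
"""Django DEBUG=True: weak vs hardened settings, a deployment gate, and a detector
for the technical 404/500 pages that leak URL patterns, settings and tracebacks."""
import os

# --- 1. The weak configuration the report describes ---------------------------
# This is what `django-admin startproject` scaffolds. Left unchanged in production
# it serves Django's technical error pages to anyone who triggers a 404 or an exception.
WEAK_SETTINGS = {"DEBUG": True, "ALLOWED_HOSTS": []}


def hardened_settings(environ=os.environ):
    """Build production-safe values: DEBUG is False unless the operator opts in
    explicitly with DJANGO_DEBUG=1, and ALLOWED_HOSTS comes from the environment.
    (Variable names are assumed for the example; any configuration scheme works
    as long as the default is DEBUG=False.)"""
    debug = environ.get("DJANGO_DEBUG", "0") == "1"
    hosts = environ.get("DJANGO_ALLOWED_HOSTS", "")
    allowed_hosts = [h.strip() for h in hosts.split(",") if h.strip()]
    return {"DEBUG": debug, "ALLOWED_HOSTS": allowed_hosts}


def deployment_findings(settings):
    """Return the problems a pre-deploy gate should block on. Django's own
    `manage.py check --deploy` flags DEBUG=True as security.W018; this stand-alone
    version works on a plain dict so it runs without Django installed."""
    findings = []
    if settings.get("DEBUG"):
        findings.append("DEBUG is True: technical 404/500 pages disclose the URLconf, "
                        "settings, file paths, local variables and tracebacks")
    if not settings.get("ALLOWED_HOSTS"):
        findings.append("ALLOWED_HOSTS is empty: with DEBUG=False Django refuses to serve any request")
    return findings


# --- 2. Detecting the leak from the outside -----------------------------------
# Phrases emitted by Django's technical_404 and technical_500 templates. Verify them
# against the Django release you are testing; wording can change between versions.
DEBUG_404_MARKERS = ("Django tried these URL patterns", "in your Django settings file")
DEBUG_500_MARKERS = ("Django Version:", "Traceback")


def classify_response(body):
    """Classify an HTTP response body: 'django_debug_404' (URLconf listing),
    'django_debug_500' (traceback plus settings dump) or None for a normal page."""
    if all(marker in body for marker in DEBUG_404_MARKERS):
        return "django_debug_404"
    if all(marker in body for marker in DEBUG_500_MARKERS):
        return "django_debug_500"
    return None


# Constructed sample bodies for the example; not captured from weblate.ucs.ru.
SAMPLE_DEBUG_404 = """<h1>Page not found (404)</h1>
<p>Using the URLconf defined in <code>myproject.urls</code>, Django tried these URL patterns, in this order:</p>
<ol><li><code>admin/</code></li><li><code>widgets/</code></li></ol>
<p>You're seeing this error because you have <code>DEBUG = True</code> in your Django settings file.</p>"""

SAMPLE_DEBUG_500 = """<h1>ValueError at /widgets/example/-/svg-badge.svg</h1>
<table><tr><th>Django Version:</th><td>3.2.0</td></tr>
<tr><th>Python Version:</th><td>3.8.10</td></tr></table>
<h2>Traceback</h2><pre>File "/srv/app/views.py", line 42, in badge</pre>"""

SAMPLE_STANDARD_404 = "<h1>Not Found</h1><p>The requested resource was not found on this server.</p>"


if __name__ == "__main__":
    samples = [("debug 404", SAMPLE_DEBUG_404), ("debug 500", SAMPLE_DEBUG_500),
               ("plain 404", SAMPLE_STANDARD_404)]
    for name, body in samples:
        print(f"{name}: {classify_response(body)}")
    print("weak settings:", deployment_findings(WEAK_SETTINGS))
    hardened = hardened_settings({"DJANGO_ALLOWED_HOSTS": "example.invalid"})
    print("hardened settings:", deployment_findings(hardened))
```

The classifier checks for the 404 markers first because a technical 404 page never carries a traceback, while a technical 500 page can quote URL-related text; a scanner would run `classify_response` over the body of a request for a random path and over any endpoint that raises, then treat either non-None result as a finding. The deployment gate is the control that makes the recommended fix stick: run it (or Django's `manage.py check --deploy`) in CI so a settings file that drifts back to DEBUG=True cannot reach production.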