django-debugmode.yaml
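# Nuclei template (django-debugmode.yaml): sends one POST with a malformed JSON
# body to the Django admin login path and inspects the response for text that
# Django only renders on its debug pages.
# A hit means the deployment is serving debug output to unauthenticated
# clients; the fix on the application side is DEBUG = False in production.
#
# NOTE(review): nuclei expects template ids without spaces. The id is left
# unchanged here so existing references keep working; consider renaming it to
# `django-debugmode` to match the file name.
id: Django Debug Mode

info:
  name: Django Debug Mode Information leakage
  description: This template can be used to capture sensitive information from Django debug page.
  author: rahulkadavil
  severity: info
  tags: exposure

requests:
  - raw:
      # The empty line separates the HTTP headers from the body and must stay.
      # The body is not valid JSON (presumably deliberate, to provoke an error
      # response - confirm with the author).
      - |
        POST /admin/login/?next=/admin/ HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
        Content-Type: application/json;charset=UTF-8
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)

        {"test::"data"}

    # Require BOTH matchers. With `or`, the status matcher alone (200, 500,
    # 403 or 404) fired on almost any web server and reported hosts that showed
    # no debug output at all.
    matchers-condition: and
    matchers:
      # Any one of these strings in the response body counts as debug output.
      # The DB_* and ADMIN_PASSWORD entries are setting names, so a hit shows
      # that settings are being listed, not that a secret value was readable.
      - type: word
        part: body
        condition: or
        words:
          - "DEBUG = True"
          - "DEBUG=True."
          - "DB_NAME"
          - "DB_USER"
          - "DB_PASSWORD"
          - "ADMIN_PASSWORD"

      # A second, empty `- type: status` entry preceded this one and carried no
      # status list; it has been dropped.
      - type: status
        condition: or
        status:
          - 200
          - 500
          - 403
          - 404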