How I Was Able to Find a Django Misconfiguration Using Shodan
2023-3-11 03:21:57
Author: infosecwriteups.com
Shodan.io is a search engine that scans and indexes internet-connected devices and systems. Unlike a traditional search engine, which indexes web pages, Shodan indexes the hosts themselves: servers, routers, webcams, and other IoT (Internet of Things) devices.
Shodan continuously probes public IP address space, records the open ports, services and protocols it finds, and stores metadata such as service banners, software versions, HTTP titles, and TLS certificate details. That metadata is what its search filters (for example http.title or ssl) run against.
Shodan is a powerful tool for researchers and security professionals who want to assess the exposure of systems on the internet, but it has also been criticised for making it easy for malicious actors to find vulnerable devices. Use it responsibly, and only test hosts you are authorised to test.
Below I will share the Shodan dork I used to find Django applications running with DEBUG set to True, which leads to sensitive data exposure.
Django DEBUG set to True (impact):
Overview: Django has a setting, DEBUG, that controls whether a technical error page is rendered when a request fails. When DEBUG is True, any unhandled exception, 404, or rejected request returns a page containing the full traceback with the local variables of every frame, snippets of the application source, the request's META dictionary (which includes the environment variables of the server process), the Django and Python versions, and a dump of the project's settings. Django masks settings whose names contain words such as SECRET, PASSWORD, KEY, TOKEN or API, but everything else (database hostnames, internal IPs, installed apps, URL patterns on a 404 page) is shown in clear.
Vulnerability: Anyone who can trigger an error gets that page, and triggering one is trivial: a request whose Host header is not listed in ALLOWED_HOSTS, which is exactly what a scanner connecting by IP address sends, produces the "DisallowedHost at /" page. DEBUG=True is not itself code execution, but the tracebacks, source, settings and internal addresses it leaks give an attacker a map of the application and its infrastructure and make follow-on attacks (SQL injection, XSS, RCE, credential attacks against exposed backends) far easier to find and aim.
Impact: Sensitive information disclosure, infrastructure and application reconnaissance, and, through what is learned, compromise of user accounts and data.
Recommendation: Set DEBUG to False in production and set ALLOWED_HOSTS to the real hostnames the application serves (Django's "manage.py check --deploy" warns about both), serve the application over HTTPS, put a WAF in front of it, monitor the logs for django.security.DisallowedHost events, and scan for exposure regularly.
Conclusion: Leaving DEBUG set to True in production is a serious security weakness. Set it to False and secure the application and the infrastructure around it.
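To make the recommendation concrete, here is an added example (my code, not from the original post or from Django) showing a fail-closed way to derive DEBUG and ALLOWED_HOSTS from the environment, plus a check that mirrors Django's own Host validation so you can see why a scanner hitting the server by IP gets the DisallowedHost page when DEBUG is on. The environment variable names DJANGO_DEBUG and DJANGO_ALLOWED_HOSTS are assumptions for the example; the fallback host list is the one Django uses when DEBUG is True and ALLOWED_HOSTS is empty.

```python
import os

# Values that switch DEBUG on; anything else (including an unset variable) means False.
TRUE_VALUES = {"1", "true", "yes", "on"}

# Hosts Django accepts when DEBUG=True and ALLOWED_HOSTS is empty.
DEBUG_FALLBACK_HOSTS = [".localhost", "127.0.0.1", "[::1]"]


def resolve_debug(env) -> bool:
    """DEBUG is only True when explicitly requested (assumed variable name DJANGO_DEBUG)."""
    return env.get("DJANGO_DEBUG", "").strip().lower() in TRUE_VALUES


def resolve_allowed_hosts(env, debug: bool) -> list:
    """Parse a comma-separated DJANGO_ALLOWED_HOSTS (assumed name); refuse unsafe production values."""
    raw = env.get("DJANGO_ALLOWED_HOSTS", "")
    hosts = [h.strip() for h in raw.split(",") if h.strip()]
    if debug:
        # Mirror Django: with DEBUG on, an empty list means "localhost only".
        return hosts or list(DEBUG_FALLBACK_HOSTS)
    if not hosts:
        raise ValueError("DJANGO_ALLOWED_HOSTS must list the public hostnames when DEBUG is off")
    if "*" in hosts:
        raise ValueError("ALLOWED_HOSTS = ['*'] disables Host header validation; list real hostnames")
    return hosts


def build_settings(env) -> dict:
    """The two settings as they would be assigned in settings.py."""
    debug = resolve_debug(env)
    return {"DEBUG": debug, "ALLOWED_HOSTS": resolve_allowed_hosts(env, debug)}


def host_is_allowed(host: str, allowed_hosts) -> bool:
    """Same rules as Django's validate_host(): exact match, '*' wildcard, or '.example.com' suffix."""
    host = host.lower()
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*" or host == pattern:
            return True
        if pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:]):
            return True
    return False


def would_render_debug_page(settings: dict, host: str) -> bool:
    """True when a request carrying this Host header gets the technical 'DisallowedHost at /' page.

    With DEBUG off the same rejection yields a generic 400, which is what Shodan would
    index instead of the verbose page.
    """
    hosts = settings["ALLOWED_HOSTS"] or (DEBUG_FALLBACK_HOSTS if settings["DEBUG"] else [])
    return settings["DEBUG"] and not host_is_allowed(host, hosts)


if __name__ == "__main__":
    # Constructed environments: the weak one is what the Shodan dork finds.
    weak = build_settings({"DJANGO_DEBUG": "1"})
    hardened = build_settings({"DJANGO_ALLOWED_HOSTS": "app.example.com, .internal.example.com"})
    for label, cfg in (("weak", weak), ("hardened", hardened)):
        print(label, cfg, "debug page for IP scan:", would_render_debug_page(cfg, "203.0.113.10"))
```

In a real settings.py you would write DEBUG = resolve_debug(os.environ) and ALLOWED_HOSTS = resolve_allowed_hosts(os.environ, DEBUG), so a deployment that forgets to configure hostnames fails at startup instead of silently serving error pages.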
Shodan dork used: http.title:"DisallowedHost at /" ssl:"target.*"
The http.title part matches the title of the page Shodan received when it requested / by IP address: because that IP is not in the application's ALLOWED_HOSTS, Django raises DisallowedHost, and with DEBUG on it answers with the technical error page whose title is "DisallowedHost at /". The ssl part narrows the results to hosts whose TLS certificate data contains the string, so replace target with the organisation or domain you are authorised to test. A matching title is only a lead: open the result and confirm that the traceback, Django version and settings dump are really there (the title alone can be spoofed or served by a honeypot), and check the host is in scope before you report it.
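Triage of the results is easier if the confirmation step is automated. The following is an added example (my code, not from the original post or from Shodan) that classifies an HTTP response body as a Django technical error page and summarises what it leaks; the sample page embedded below is constructed to imitate the layout of Django's debug template and is not a real capture, and the version strings and address in it are made up.

```python
import re
from dataclasses import dataclass, field

# Constructed sample body, shaped like Django's technical error page (not a real capture).
SAMPLE_PAGE = """<!DOCTYPE html>
<html><head><title>DisallowedHost at /</title></head>
<body>
<div id="summary">
<h1>DisallowedHost at /</h1>
<pre class="exception_value">Invalid HTTP_HOST header: '203.0.113.10'. You may need to add '203.0.113.10' to ALLOWED_HOSTS.</pre>
<table class="meta">
<tr><th>Request Method:</th><td>GET</td></tr>
<tr><th>Django Version:</th><td>4.1.7</td></tr>
<tr><th>Exception Type:</th><td>DisallowedHost</td></tr>
<tr><th>Python Version:</th><td>3.11.2</td></tr>
</table>
</div>
<div id="requestinfo">
<h2>Settings</h2>
<table class="req">
<tr><td>DATABASES</td><td class="code"><pre>{'default': {'HOST': 'db.internal', 'NAME': 'app', 'PASSWORD': '********************'}}</pre></td></tr>
<tr><td>SECRET_KEY</td><td class="code"><pre>'********************'</pre></td></tr>
<tr><td>ALLOWED_HOSTS</td><td class="code"><pre>[]</pre></td></tr>
</table>
</div>
</body></html>"""

# Django titles its debug page "<ExceptionType> at <path>".
DEBUG_PAGE_TITLE = re.compile(r"<title>\s*([A-Za-z_][\w.]*) at (/\S*)\s*</title>")
META_ROW = re.compile(r"<th>([^<]+?):</th>\s*<td>([^<]*)</td>")
INVALID_HOST = re.compile(r"Invalid HTTP_HOST header: '([^']*)'")
SETTINGS_ROW = re.compile(r"<tr><td>([A-Z][A-Z0-9_]*)</td><td class=\"code\"><pre>(.*?)</pre>", re.S)
MASK = "********************"  # what Django substitutes for sensitive setting values


@dataclass
class DebugPageFinding:
    exception_type: str
    path: str
    django_version: str = ""
    python_version: str = ""
    rejected_host: str = ""
    leaked_settings: list = field(default_factory=list)   # shown in clear (at least partly)
    masked_settings: list = field(default_factory=list)   # fully replaced by the mask
    allowed_hosts_empty: bool = False


def is_django_debug_page(body: str) -> bool:
    """True when the body has the '<Exception> at <path>' title and Django's meta table."""
    return DEBUG_PAGE_TITLE.search(body) is not None and "Django Version:" in body


def summarise_debug_page(body: str):
    """Return a DebugPageFinding for a Django debug page, or None for anything else."""
    if not is_django_debug_page(body):
        return None
    m = DEBUG_PAGE_TITLE.search(body)
    finding = DebugPageFinding(exception_type=m.group(1), path=m.group(2))
    meta = {k.strip(): v.strip() for k, v in META_ROW.findall(body)}
    finding.django_version = meta.get("Django Version", "")
    finding.python_version = meta.get("Python Version", "")
    host = INVALID_HOST.search(body)
    if host:
        finding.rejected_host = host.group(1)
    # Only rows after the Settings heading are settings; the request META table uses the same markup.
    parts = body.split("<h2>Settings</h2>", 1)
    if len(parts) == 2:
        for name, value in SETTINGS_ROW.findall(parts[1]):
            fully_masked = value.strip().strip("'\"") == MASK
            (finding.masked_settings if fully_masked else finding.leaked_settings).append(name)
            if name == "ALLOWED_HOSTS" and value.strip() == "[]":
                finding.allowed_hosts_empty = True
    return finding


if __name__ == "__main__":
    print(summarise_debug_page(SAMPLE_PAGE))
```

Note that DATABASES is reported as leaked even though its PASSWORD is masked: Django masks by setting name, so a dict setting still reveals its database host and name, which is exactly the kind of reconnaissance value the dork surfaces.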
I even shared this tip on Twitter earlier, and someone found multiple bugs using it, so I decided to share it once more so you can find and report issues similar to this one.