Django Framwork exploit

2018.04.07

Punit Darji (IN)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

1 Vender description
Django is a high-level python web framwork that encourage rapid
devlopment and pragmetic design.
2 Technical description
Django miss configration of file so that adminpanel
has been exploited.
There is miss configration of file and we can see all the
crediantials of the website e.g,
AWS Privatekey, Public key, Database name, Username, password etc.
3 Proof of concept
http://54.251.149.60:8081/

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Django Framwork exploit

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.