Django Framwork exploit

2018.04.07
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

1 Vender description Django is a high-level python web framwork that encourage rapid devlopment and pragmetic design. 2 Technical description Django miss configration of file so that adminpanel has been exploited. There is miss configration of file and we can see all the crediantials of the website e.g, AWS Privatekey, Public key, Database name, Username, password etc. 3 Proof of concept http://54.251.149.60:8081/


Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top