
Django Debug Enabled | Error Pages Disclosing Sensitive Information

Netsparker identified that detailed Django error pages are enabled on the target web application.

Impact

An attacker can obtain information such as:

  • Exact Django and Python versions.
  • Database type in use, database user name and current database name.
  • Details of the Django project configuration.
  • Internal file paths.
  • Source code around the exception, local variables and their values.

This information helps an attacker learn more about the system. With the exact versions and configuration in hand, the attacker can research known vulnerabilities for the components in use and draw on the disclosed paths, variables and database details when exploiting other vulnerabilities.

Remedy

Apply the following change to your Django settings file to prevent this problem:

  • Set the DEBUG option to False.
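The following is an added example, not Netsparker's or Django's own code: a small pre-deployment check that flags the weak setting beside its corrected form, including the caveat that DEBUG = False requires ALLOWED_HOSTS to be populated, plus a heuristic that recognises the wording of Django's technical error page in a response body. The settings dicts and the sample response are constructed for illustration.

```python
"""Pre-deployment audit for the Django DEBUG misconfiguration (added example)."""
import re

# Constructed settings, as a settings module would expose them via vars().
WEAK_SETTINGS = {"DEBUG": True, "ALLOWED_HOSTS": []}
HARDENED_SETTINGS = {"DEBUG": False, "ALLOWED_HOSTS": ["www.example.com"]}


def audit_settings(settings: dict) -> list:
    """Return a list of findings for a Django settings mapping."""
    findings = []
    debug = bool(settings.get("DEBUG", False))
    if debug:
        findings.append(
            "DEBUG is True: technical error pages disclose Django/Python "
            "versions, file paths, settings, local variables and DB details"
        )
    elif not settings.get("ALLOWED_HOSTS"):
        # Caveat: with DEBUG = False Django rejects requests whose Host header
        # is not listed in ALLOWED_HOSTS, so an empty list breaks the site
        # instead of hardening it. Populate it in the same change.
        findings.append("ALLOWED_HOSTS is empty: it must be set when DEBUG is False")
    return findings


# Phrases Django prints on its technical 404/500 pages (heuristic: the exact
# markup and apostrophe differ between Django versions, so match loosely).
_DEBUG_HINT = re.compile(r"DEBUG\s*=\s*True", re.IGNORECASE)
_SETTINGS_HINT = re.compile(r"Django\s+settings\s+file", re.IGNORECASE)


def looks_like_debug_page(body: str) -> bool:
    """True if an HTTP response body reads like Django's debug error page."""
    text = re.sub(r"<[^>]+>", "", body)  # strip tags so <code> wrappers don't matter
    return bool(_DEBUG_HINT.search(text) and _SETTINGS_HINT.search(text))


# Constructed response body mimicking the footer of Django's technical 500 page.
SAMPLE_DEBUG_BODY = (
    "<p>You're seeing this error because you have <code>DEBUG = True</code> "
    "in your Django settings file. Change that to <code>False</code>.</p>"
)

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(name, audit_settings(cfg) or "OK")
    print("debug page:", looks_like_debug_page(SAMPLE_DEBUG_BODY))
```

Django's own `manage.py check --deploy` performs a similar DEBUG check and is the tool to run in a CI pipeline before release.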
