Django Debug Enabled | Error Pages Disclosing Sensitive Information

Netsparker identified that detailed Django error pages are enabled on the target web application.


An attacker can obtain information such as:

  • Exact Django and Python versions.
  • Database type, database user name and current database name.
  • Details of the Django project configuration.
  • Internal file paths.
  • Exception-generated source code, local variables and their values.

This information might help an attacker learn more about the system. With these details, the attacker can research known vulnerabilities for the system under review. The attacker can also use this information while exploiting other vulnerabilities.


Apply the following change to your Django settings file to prevent this problem:

  • Set the DEBUG option to False.
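
A pre-deployment check for the setting above, as an added example that is not part of the original advisory or of Netsparker: it parses a settings file with Python's ast module and reports whether the module-level DEBUG assignment is off, on, or computed at runtime. The sample settings strings and the check_debug name are constructed for illustration, and only top-level assignments are inspected (not ones nested in if or try blocks).

```python
import ast
import sys

# Constructed sample settings modules (not taken from any real project).
SAFE = 'DEBUG = False\nALLOWED_HOSTS = ["example.test"]\n'
UNSAFE = "DEBUG = True\n"
STRING_TRAP = 'DEBUG = "False"\n'  # non-empty string, so truthy in Python
DYNAMIC = 'import os\nDEBUG = os.environ.get("DJANGO_DEBUG") == "1"\n'
OVERRIDE = "DEBUG = False\nDEBUG = True\n"  # a later assignment wins


def check_debug(source):
    """Classify the module-level DEBUG setting: "off", "on" or "dynamic"."""
    verdict = "off"  # Django defaults DEBUG to False when it is never assigned
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        if not any(isinstance(t, ast.Name) and t.id == "DEBUG" for t in targets):
            continue
        if isinstance(value, ast.Constant):
            # Literal value: any truthy literal turns debug mode on.
            verdict = "on" if value.value else "off"
        else:
            # Computed at import time (environment lookup, function call, ...).
            verdict = "dynamic"
    return verdict


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python check_debug.py path/to/settings.py
        with open(sys.argv[1], encoding="utf-8") as fh:
            result = check_debug(fh.read())
        print(f"DEBUG is {result}")
        sys.exit(1 if result == "on" else 0)
    for name in ("SAFE", "UNSAFE", "STRING_TRAP", "DYNAMIC", "OVERRIDE"):
        print(f"{name}: {check_debug(globals()[name])}")
```

A "dynamic" result means the value depends on the deployment environment, so it has to be confirmed there rather than in the source file.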