Home

/

Test

/

Django url exposed due to debug mode enable

Django url exposed due to debug mode enable

The error response contains information related to urls which may help in more sophisticated attacks

Verbose Error Messages (VEM)

Business Logic

"The endpoint appears to be give out information related to endpoints existing in the application, on trying an invalid request, possibly due to DJANGO DEBUG mode being enabled. The original request was replayed by modifying the url with an invalid value. "<b>Background:</b> Inconsistencies in error messages can reveal important clues on how a site works, and what information is present under the covers.

"The endpoint appears to be give out information related to endpoints existing in the application, on trying an invalid request, possibly due to DJANGO DEBUG mode being enabled. The original request was replayed by modifying the url with an invalid value. "<b>Background:</b> Inconsistencies in error messages can reveal important clues on how a site works, and what information is present under the covers.

Impact of the vulnerability

Impact of the vulnerability

This information can be used to facilitate more sophisticated attacks on your application

This information can be used to facilitate more sophisticated attacks on your application

How this template works

APIs Selection

The template uses API selection filters to specify the criteria for selecting the desired API endpoint. In this case, it filters the response code to be between 200 and 300, and extracts the URL from the response using the "urlVar" variable.

Execute request

The template executes a single request by modifying the extracted URL with an invalid value appended as "testInvalidUrl". This is done using the "modify_url" action. The modified request is then sent to the API endpoint.

Validation

The template validates the response payload by checking if it contains the string "Django tried these url patterns". If the response payload contains this string, the validation is considered successful.

Frequently asked questions

What is the purpose of the "DJANGO_URL_EXPOSED" test in this array

What is the purpose of the "DJANGO_URL_EXPOSED" test in this array

What is the purpose of the "DJANGO_URL_EXPOSED" test in this array

How does the "DJANGO_URL_EXPOSED" test work

How does the "DJANGO_URL_EXPOSED" test work

How does the "DJANGO_URL_EXPOSED" test work

What is the impact of Django URL exposure due to debug mode enable

What is the impact of Django URL exposure due to debug mode enable

What is the impact of Django URL exposure due to debug mode enable

What is the severity level of the "DJANGO_URL_EXPOSED" vulnerability

What is the severity level of the "DJANGO_URL_EXPOSED" vulnerability

What is the severity level of the "DJANGO_URL_EXPOSED" vulnerability

What are the recommended references for understanding and mitigating the "DJANGO_URL_EXPOSED" vulnerability

What are the recommended references for understanding and mitigating the "DJANGO_URL_EXPOSED" vulnerability

What are the recommended references for understanding and mitigating the "DJANGO_URL_EXPOSED" vulnerability

What are the tags associated with the "DJANGO_URL_EXPOSED" vulnerability

What are the tags associated with the "DJANGO_URL_EXPOSED" vulnerability

What are the tags associated with the "DJANGO_URL_EXPOSED" vulnerability

Loved by security teams!

Loved by security teams!

Product Hunt Badge

"We are absolutely thrilled with the testing feature of Akto. We have used it on our graphQL endpoints and it performs flawlessly identifying common API security issues. It's truly a game-changer and we highly recommend Akto to anyone looking to effortlessly secure their API endpoints. With a user-friendly interface, it's the perfect solution for anyone looking to embrace custom rules with context to reduce false positives."

Loom Company logo

Security team,

Loom

"We are absolutely thrilled with the testing feature of Akto. We have used it on our graphQL endpoints and it performs flawlessly identifying common API security issues. It's truly a game-changer and we highly recommend Akto to anyone looking to effortlessly secure their API endpoints. With a user-friendly interface, it's the perfect solution for anyone looking to embrace custom rules with context to reduce false positives."

Loom Company logo

Security team,

Loom

"We are absolutely thrilled with the testing feature of Akto. We have used it on our graphQL endpoints and it performs flawlessly identifying common API security issues. It's truly a game-changer and we highly recommend Akto to anyone looking to effortlessly secure their API endpoints. With a user-friendly interface, it's the perfect solution for anyone looking to embrace custom rules with context to reduce false positives."

Loom Company logo

Security team,

Loom

"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', Validate' creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern day organization. "

Rippling Company logo

Security team,

Rippling

"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', Validate' creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern day organization. "

Rippling Company logo

Security team,

Rippling

"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', Validate' creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern day organization. "

Rippling Company logo

Security team,

Rippling

Explore other tests

Descriptive Error Message Using invalid payloads

Invalid File Input Leaking Sensitive Details Via Verbose Error Message

Learn more:

Exploring CSRF
Exploring CSRF
Exploring CSRF

Content

9 mins

Exploring Cross-Site Request Forgery (CSRF) vulnerabilities: Still a threat!

Optus breach
Optus breach
Optus breach

Content

4 min read

Optus Data Breach : What Happened And How Akto Can Help?

Suggest API security tests

Suggest API security tests

We're actively building the test library. Suggest a test! If we like your suggestion, you will see it in the library in few days.

We're actively building the test library. Suggest a test! If we like your suggestion, you will see it in the library in few days.