Add the new Django_DEBUG.pm file (#78)
* Sync (#67)

* new module to identify technologies from a web page

* added https string

* added trigger based on pull request

* Add the new Django_DEBUG.pm file

---------

Co-authored-by: Heitor Gouvêa <[email protected]>
LucasKatashi and htrgouvea authored Oct 25, 2024
1 parent e3b3c67 commit ba9d3e7
Showing 1 changed file with 61 additions and 0 deletions.
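--- a/lib/Spellbook/Exploit/Django_DEBUG.pm
+++ b/lib/Spellbook/Exploit/Django_DEBUG.pm
@@ -0,0 +1,61 @@
+package Spellbook::Exploit::Django_DEBUG {
+use strict;
+use warnings;
+use Spellbook::Core::UserAgent;
+
+sub new {
+my ($self, $parameters) = @_;
+my ($help, $target, @results);
+
+Getopt::Long::GetOptionsFromArray (
+$parameters,
+"h|help" => \$help,
+"t|target=s" => \$target
+);
+
+if ($target){
+if ($target !~ /^http(s)?:\/\//){
+$target = "https://$target";
+}
+
+my $data = "foo=bar&instriq=io";
+
+my $useragent = Spellbook::Core::UserAgent -> new ();
+my @payloads = (
+"/instriqwashere",
+"/api/instriqwashere",
+"/api/v1/instriqwashere",
+"/admin/instriqwashere",
+"/admin/1"
+);
+
+foreach my $payload (@payloads) {
+my $response = $useragent -> get($target . $payload);
+
+if ($response =~ /RuntimeError/) {
+push @results, "$target has \"debug mode\" enabled! - [Method: GET]";
+}
+
+my $response_post = $useragent -> post($target . $payload, Content => $data);
+
+if ($response_post =~ /RuntimeError/) {
+push @results, "$target has \"debug mode\" enabled! - [Method: POST]";
+}
+}
+
+return @results
+}
+
+if ($help) {
+return ("
+\rExploit::Django_DEBUG
+\r=======================
+\r-h, --help See this menu
+\r-t, --target Define a target");
+}
+
+return 0;
+}
+}
+
+1;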
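Review bot: The debug-mode check in the `foreach` loop is a bare `/RuntimeError/` match applied to `$response` and `$response_post`, so any page that merely contains that word is reported, and a hit on several paths pushes the same message repeatedly without saying which path matched. If the `get`/`post` methods of `Spellbook::Core::UserAgent` return a response object rather than the body (not visible here), the match runs against the stringified object and never fires; in that case it should test the decoded body and, ideally, the status code as well. Including the path in the result, e.g. `push @results, "$target$payload has \"debug mode\" enabled! - [Method: GET]";`, would let a finding be verified and fixed. Separately, `Getopt::Long::GetOptionsFromArray` is called but the file only has `use Spellbook::Core::UserAgent;`, so `use Getopt::Long;` should be added rather than relying on another module having loaded it.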
