fix code style and improve some parts

htrgouvea · Oct 25, 2024 · efa8437 · efa8437
1 parent be1fa74
commit efa8437
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 25 deletions.
diff --git a/.config/modules.json b/.config/modules.json
@@ -377,6 +377,12 @@
             "category": "advisory",
             "module": "CVE_2024_4577",
             "description": "PHP CGI Argument Injection vulnerability"
+        },
+        {
+            "id": "0063",
+            "category": "exploit",
+            "module": "Django_Debug",
+            "description": "Detect if a Django application has the debug mode enabled"
         }
     ]
 }
diff --git a/lib/Spellbook/Exploit/Django_DEBUG.pm b/lib/Spellbook/Exploit/Django_DEBUG.pm
@@ -1,7 +1,8 @@
-package Spellbook::Exploit::Django_DEBUG {
+package Spellbook::Exploit::Django_Debug {
     use strict;
     use warnings;
     use Spellbook::Core::UserAgent;
+    use Spellbook::Helper::Generate_UUID;
 
     sub new {
         my ($self, $parameters) = @_;
@@ -15,43 +16,32 @@ package Spellbook::Exploit::Django_DEBUG {
 
         if ($target){
             if ($target !~ /^http(s)?:\/\//){
-            $target = "https://$target";
+                $target = "https://$target";
             }
 
-            my $data = "foo=bar&instriq=io";
+            my $useragent = Spellbook::Core::UserAgent -> new();
+            my @paths     = ("/genericpath", "/api/spellbook", "/api/v1/spellbook", "/admin/spellbook", "/admin/1");
+            my @method    = ("get", "post");
 
-            my $useragent = Spellbook::Core::UserAgent -> new ();
-            my @payloads = (
-                "/instriqwashere",
-                "/api/instriqwashere",
-                "/api/v1/instriqwashere",
-                "/admin/instriqwashere",
-                "/admin/1"
-            );
+            foreach my $payload (@paths) {
+                foreach my $method (@method) {
+                    my $response = $useragent -> $method ($target . $payload);
 
-            foreach my $payload (@payloads) {
-                my $response = $useragent -> get($target . $payload);
-
-                if ($response =~ /RuntimeError/) {
-                    push @results, "$target has \"debug mode\" enabled! - [Method: GET]";
-                }
-
-                my $response_post = $useragent -> post($target . $payload, Content => $data);
-
-                if ($response_post =~ /RuntimeError/) {
-                    push @results, "$target has \"debug mode\" enabled! - [Method: POST]";
+                    if ($response =~ /RuntimeError/) {
+                        push @results, "$target has \"debug mode\" enabled! - [Method: $method]";
+                    }
                 }
             }
 
             return @results
         }
 
         if ($help) {
-            return ("
-                \rExploit::Django_DEBUG
+            return "
+                \rExploit::Django_Debug
                 \r=======================
                 \r-h, --help     See this menu
-                \r-t, --target   Define a target");
+                \r-t, --target   Define a target";
         }
 
         return 0;