sdgniser / lnf

A simple 'Lost and Found' web application built with Django

Descriptive Error Message Vulnerability #7

Closed Bikash-Bhatta closed 1 year ago

Bikash-Bhatta commented 2 years ago

This site has this bug as it is displaying the useful URLs in the error page which can be used to get into the administration panel. Here is the attached screenshot: 2022-09-18 (1)

The URL I have marked takes me to the Django Administration Panel, which may be bypassed if it has Default/Weak Password Flaws. This is the screenshot: 2022-09-18 (2)

This might lead to exploit and leakage of critical information.

Solution: Disable the error message flaw in the webpage developer code so that it will simply throw a 404 error and nothing else.

rahul3613 commented 2 years ago

I have changed the DEBUG to False. Now you will get a 404 error on any random URL. Thanks for raising the issue.
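The fix above works because Django's verbose 404 page (the one that lists every URL pattern from urls.py, including the admin route) is only rendered when DEBUG is True. The following is an added example, not code from the lnf repository: a settings fragment that keeps DEBUG off unless it is explicitly switched on, plus a small audit function that flags the two states that matter here (DEBUG left on, or ALLOWED_HOSTS left empty after turning it off). The environment-variable names LNF_DEBUG and LNF_ALLOWED_HOSTS are invented for this example; the Django behaviour described in the comments is standard.

```python
"""
Added example (not from the sdgniser/lnf repository): safe-by-default handling
of Django's DEBUG setting, plus a pre-deploy audit of the security-relevant
settings discussed in this issue.

Assumption: the environment-variable names LNF_DEBUG and LNF_ALLOWED_HOSTS are
hypothetical; the Django behaviour in the comments is standard.
"""
import os

# Only these spellings switch DEBUG on. A naive `bool(os.environ.get("DEBUG"))`
# would treat the string "False" as truthy and silently re-create this bug.
_TRUE_VALUES = {"1", "true", "yes", "on"}


def env_flag(name, default=False, environ=None):
    """Parse an environment variable as a strict boolean; unset or unknown -> default."""
    environ = os.environ if environ is None else environ
    raw = environ.get(name)
    if raw is None:
        return default
    return raw.strip().lower() in _TRUE_VALUES


def env_list(name, default=(), environ=None):
    """Parse a comma-separated environment variable into a list of non-empty items."""
    environ = os.environ if environ is None else environ
    raw = environ.get(name)
    if raw is None:
        return list(default)
    return [item.strip() for item in raw.split(",") if item.strip()]


def build_settings(environ=None):
    """Return the security-relevant subset of a Django settings module as a dict."""
    return {
        # Off unless explicitly enabled: Django's URL-listing 404 page and the
        # stack-trace 500 page only exist when DEBUG is True.
        "DEBUG": env_flag("LNF_DEBUG", default=False, environ=environ),
        # With DEBUG=False and an empty ALLOWED_HOSTS, Django rejects every
        # request with 400 Bad Request, so production must set this explicitly.
        "ALLOWED_HOSTS": env_list("LNF_ALLOWED_HOSTS", environ=environ),
    }


def audit_settings(settings):
    """Return a list of findings; an empty list means the settings are deployable."""
    findings = []
    if settings.get("DEBUG", False):
        findings.append(
            "DEBUG is True: 404 pages will list every URL pattern, including the admin route"
        )
    elif not settings.get("ALLOWED_HOSTS"):
        findings.append(
            "ALLOWED_HOSTS is empty: Django answers every request with 400 when DEBUG is False"
        )
    return findings


if __name__ == "__main__":
    # Constructed environments: the state from the bug report versus the fixed one.
    reported = build_settings({"LNF_DEBUG": "True"})
    fixed = build_settings({"LNF_DEBUG": "False", "LNF_ALLOWED_HOSTS": "lnf.example.org"})
    print("reported:", audit_settings(reported))
    print("fixed:   ", audit_settings(fixed))
```

Django ships an equivalent check for the DEBUG case: `python manage.py check --deploy` reports DEBUG=True as a deployment warning, and running it in CI catches a debug build before it reaches a public host. With DEBUG off, Django renders `templates/404.html` if one exists, so a plain custom 404 page is the place to control exactly what an unknown URL reveals.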

Bikash-Bhatta commented 1 year ago

Ok I shall do it.

On Sat, 24 Sept 2022, 23:56 Rahul Vishwakarma, @.***> wrote:

Changed the Debug to False. Now you will get a 404 error on any random URL. Thanks for raising the issue.
