Django

1- RCE

https://medium.com/@syedabuthahir/django-debug-mode-to-rce-in-microsoft-acquisition-189d27d08971

2- Exposing Django Debug Panel

https://hackerone.com/reports/2078707

/app/tmp/healthcheck.json
/fxa-rp-events

template:
https://github.com/Az0x7/vulnerability-Checklist/blob/main/Hacking%20Django/exposing-django.yaml

3- Use this wordlist for fuzzing

https://github.com/six2dez/OneListForAll/blob/main/dict/django_long.txt

4- Fuzz with these paths

/bet_api
/healthcheck
/oidc
rest-api/
api-soap/
api/v1/ums/
api/v1/dms/
api/v1/transaction/
api/v1/log/
api/v1/reports/
api/v1/organization/
api/v1/legal_entity/
api/v1/tpdr/
api/v1/integral_docs/
api/v1/countries