Web Security Learning

stable

Content Index:

1. Prologue
2. Computer Networks and Protocols
3. Information Collection
4. Common vulnerability attack and defense
5. Language and Framework
6. Intranet penetration
7. Cloud Security
8. Defense Technology
9. Authentication Mechanism
10. Tools and Resources
11. Manual Quick Check
12. Others

Web Security Learning

»
5. Language and Framework »
5.2. Python »
5.2.4. Framework

5.2.4. Framework¶

5.2.4.1. Django¶

5.2.4.1.1. Historical Vulnerabilities¶

CVE-2016-7401 CSRF Bypass
CVE-2017-7233/7234 Open redirect vulnerability
CVE-2017-12794 debug page XSS

5.2.4.1.2. Configuration related¶

When Nginx is a reverse proxy for Django, misconfiguration of the static file directory will lead to source code leakage. Visiting /static.. will 301 redirect to /static../

5.2.4.2. Flask¶

Flask uses client-side sessions by default, so that sessions can be forged

Previous Next

© Copyright 2019-2022, WebSecurity.

Built with Sphinx using a theme provided by Read the Docs.