Django Framework Exceptions

Detects suspicious Django web application framework exceptions that could indicate exploitation attempts

Sigma rule

title: Django Framework Exceptions
id: fd435618-981e-4a7c-81f8-f78ce480d616
status: stable
description: Detects suspicious Django web application framework exceptions that could indicate exploitation attempts
references:
    - https://docs.djangoproject.com/en/1.11/ref/exceptions/
    - https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
author: Thomas Patzke
date: 2017/08/05
modified: 2020/09/01
tags:
    - attack.initial_access
    - attack.t1190
logsource:
    category: application
    product: django
detection:
    keywords:
        - SuspiciousOperation
        # Subclasses of SuspiciousOperation
        - DisallowedHost
        - DisallowedModelAdminLookup
        - DisallowedModelAdminToField
        - DisallowedRedirect
        - InvalidSessionKey
        - RequestDataTooBig
        - SuspiciousFileOperation
        - SuspiciousMultipartForm
        - SuspiciousSession
        - TooManyFieldsSent
        # Further security-related exceptions
        - PermissionDenied
    condition: keywords
falsepositives:
    - Application bugs
level: medium
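Added example (not part of the rule or its repository): the keywords are exception class names, and Django reports SuspiciousOperation subclasses on a sub-logger named django.security.<ClassName>, so a line can match or miss depending on whether the log format writes the logger name. The format strings, the sample message and the helper names are constructed for illustration, and keyword matching is assumed to be a case-insensitive substring test.

```python
import logging

# Keywords copied from the rule's detection.keywords list.
KEYWORDS = [
    "SuspiciousOperation", "DisallowedHost", "DisallowedModelAdminLookup",
    "DisallowedModelAdminToField", "DisallowedRedirect", "InvalidSessionKey",
    "RequestDataTooBig", "SuspiciousFileOperation", "SuspiciousMultipartForm",
    "SuspiciousSession", "TooManyFieldsSent", "PermissionDenied",
]


def matched_keywords(line):
    """Return the rule keywords found in one log line (case-insensitive)."""
    lowered = line.lower()
    return [k for k in KEYWORDS if k.lower() in lowered]


def render(fmt, logger_name, message):
    """Format a WARNING record the way a handler using `fmt` would write it."""
    record = logging.LogRecord(
        logger_name, logging.WARNING, "", 0, message, None, None
    )
    return logging.Formatter(fmt).format(record)


# Constructed sample record: the class name is in the logger name only,
# the message text itself does not contain it.
LOGGER = "django.security.DisallowedHost"
MESSAGE = "Invalid HTTP_HOST header: 'example.invalid'."

# Format that writes the logger name: the rule has something to match.
WITH_NAME = render("%(levelname)s %(name)s %(message)s", LOGGER, MESSAGE)
# Format that omits the logger name: same event, no keyword in the line.
WITHOUT_NAME = render("%(levelname)s %(message)s", LOGGER, MESSAGE)

if __name__ == "__main__":
    for line in (WITH_NAME, WITHOUT_NAME):
        hits = matched_keywords(line)
        print("MATCH" if hits else "MISS ", hits, "<-", line)
```

Before relying on the rule, check that the Django `LOGGING` formatter feeding the log pipeline includes `%(name)s` (or that tracebacks are logged), otherwise these events arrive without any of the keywords.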
