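# Detection template: reports a Symfony application that answers the base URL
# with signs of debug mode / the web profiler being reachable.
#
# Two independent signals are checked (see matchers below):
#   1. response headers containing both 'X-Debug-Token-Link:' and '/_profiler/'
#   2. response body containing the text 'debug mode</a> is enabled.'
#
# Remediation for a confirmed finding: run the application with debug disabled
# in production (APP_ENV=prod, APP_DEBUG=0) and make sure the profiler routes
# are not served to untrusted clients.
id: symfony-debugmode

info:
  name: Symfony Debug Mode
  author: organiccrap,pdteam
  severity: high
  # Folded scalar: the value is the original one-line description, unchanged.
  description: >-
    The remote Symfony installations appears to have left the 'debug'
    interface enabled, allowing the disclosure and possible execution of
    arbitrary code.
  reference: https://github.com/synacktiv/eos
  tags: symfony,debug

requests:
  - method: GET
    path:
      - '{{BaseURL}}'

    # Either matcher on its own is enough to report a finding.
    matchers-condition: or
    matchers:
      # Header signal: both words must appear in the response headers.
      # NOTE(review): the header name is matched with exact casing as written;
      # confirm how the scanner normalises header names (e.g. behind proxies
      # that lowercase them), otherwise this signal can be missed.
      - type: word
        words:
          - 'X-Debug-Token-Link:'
          - '/_profiler/'
        part: header
        condition: and

      # Body signal: a single literal string in the response body.
      # NOTE(review): there is no status-code matcher, so any page that echoes
      # this text (documentation, cached error pages) would also match; triage
      # findings that come from this matcher alone before acting on them.
      - type: word
        words:
          - 'debug mode</a> is enabled.'
        part: body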