id: symfony-debugmode info: name: Symfony Debug Mode author: organiccrap,pdteam severity: high description: A Symfony installations 'debug' interface is enabled, allowing the disclosure and possible execution of arbitrary code. reference: - https://github.com/synacktiv/eos tags: symfony,debug requests: - method: GET path: - '{{BaseURL}}' matchers-condition: or matchers: - type: word words: - 'X-Debug-Token-Link:' - '/_profiler/' part: header condition: and - type: word words: - 'debug mode is enabled.' part: body # Enhanced by mp on 2022/04/12