id: syfmony-profiler info: name: SymfonyProfiler information leakage author: wabafet severity: medium requests: - method: GET path: - "{{BaseURL}}/_profiler/phpinfo.php" - "{{BaseURL}}/_profiler/phpinfo" matchers-condition: and matchers: - type: word words: - "$_SERVER['SERVER_NAME']" - "$_ENV['APP_SECRET']" - "$_ENV['SYMFONY_DOTENV_VARS']" condition: or - type: status status: - 200