id: symfony-debugmode

info:
  name: Symfony Debug Mode
  author: organiccrap,pdteam
  severity: high
  description: The remote Symfony installations appears to have left the 'debug' interface enabled, allowing the disclosure and possible execution of arbitrary code.
  reference: https://github.com/synacktiv/eos
  tags: symfony,debug

requests:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers-condition: or
    matchers:

      - type: word
        words:
          - 'X-Debug-Token-Link:'
          - '/_profiler/'
        part: header
        condition: and

      - type: word
        words:
          - 'debug mode</a> is enabled.'
        part: body