id: ruby-rail-storage info: name: Ruby on Rails storage.yml File Disclosure author: DhiyaneshDK severity: low metadata: verified: true google-query: intitle:"index of" storage.yml tags: exposure,ruby,devops,files requests: - method: GET path: - "{{BaseURL}}/storage.yml" - "{{BaseURL}}/config/storage.yml" - "{{BaseURL}}/ruby/config/storage.yml" - "{{BaseURL}}/railsapp/config/storage.yml" stop-at-first-match: true matchers-condition: and matchers: - type: word words: - 'service:' - 'local:' condition: and - type: word part: header words: - "application/json" - "text/html" negative: true condition: and - type: status status: - 200