id: production-log info: name: Production Log File Disclosure author: geeknik severity: low metadata: max-request: 3 verified: true github-query: filename:production.log Connecting to database specified by database.yml tags: exposure,files,logs http: - method: GET path: - '{{BaseURL}}/log/production.log' - '{{BaseURL}}/logs/production.log' - '{{BaseURL}}/production.log' stop-at-first-match: true matchers-condition: and matchers: - type: word words: - 'Connecting to database specified by database.yml' - type: word part: header words: - 'text/html' negative: true - type: status status: - 200