漏洞描述
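Rails debug mode is enabled: a request that raises an error is answered with Rails' detailed exception page (the template below matches its "Rails.root:" and "Action Controller: Exception caught" strings) rather than a generic error page.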
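# Detection template: reports a Rails application that returns its detailed
# exception page to the requesting client. The nesting below is restored;
# without indentation `path` and `matchers` parse as top-level keys
# instead of belonging to the request under `http`.
#
# Remediation for a finding: run the deployment in the production environment
# and keep `config.consider_all_requests_local = false`, so errors render the
# static public error pages instead of the debug view.
id: rails-debug-mode

info:
  name: Rails Debug Mode
  author: pdteam
  severity: medium
  description: Rails debug mode is enabled.
  metadata:
    # One HTTP request is sent per target.
    max-request: 1
  # Comma-separated tag string, kept exactly as published.
  tags: debug,rails,exposure,intrusive,vuln

http:
  - method: GET
    # A random path is requested so the application has to answer with an
    # error page; the check is about what that page discloses.
    path:
      - "{{BaseURL}}/{{randstr}}"

    matchers:
      - type: word
        part: body
        words:
          - "Rails.root:"
          - "Action Controller: Exception caught"
        # Both strings must be present in the response body, which keeps an
        # ordinary page that merely mentions one of them from matching.
        condition: and

# Signature line as published with the template. It presumably covers the
# template text, so a copy that has been re-indented or annotated should be
# expected to fail signature verification until it is re-signed - TODO confirm
# against the signer in use.
# digest: 490a0046304402207358911b14acd235da4e13049cee3dca4a467632204115665ecb6d2b12a65eb10220434d86d1f2be6c13f93f50ad8f8715019b1c95b763d33102395bcacf9564e8cf:922c64590222798bb761d5b6d8e72950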