Http Debug Framework Headers Leak
Description
This detector identifies when web applications expose debug framework headers (X-Debug-Token and X-Debug-Token-Link) in HTTP responses. These headers are typically used by development frameworks like Symfony's Web Profiler and can leak sensitive debugging information or internal application details to attackers in production environments.
Detection Strategy
• The detector examines HTTP response headers for the presence of X-Debug-Token and X-Debug-Token-Link headers
• A vulnerability is reported when either header is found in the response with a non-empty value (after trimming whitespace)
• Each detected debug header generates a separate vulnerability finding, indicating which specific header was exposed
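The check described above, written out as a small added example (not Fluid Attacks' detector code): header lookup is case-insensitive, values are trimmed, and each exposed header yields its own finding. The raw responses below are constructed samples.

```python
from dataclasses import dataclass

# Headers added by Symfony's Web Profiler and similar debug toolbars.
DEBUG_HEADERS = ("X-Debug-Token", "X-Debug-Token-Link")


@dataclass(frozen=True)
class Finding:
    header: str  # canonical name of the exposed header
    value: str   # its trimmed value


def parse_response_headers(raw_head: str) -> dict:
    """Parse the status line + header block of a raw HTTP response."""
    headers = {}
    for line in raw_head.split("\r\n")[1:]:  # skip the status line
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


def find_debug_headers(headers: dict) -> list:
    """Return one Finding per debug header with a non-empty trimmed value.

    HTTP header names are case-insensitive, so the lookup folds case.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    findings = []
    for name in DEBUG_HEADERS:
        raw = lowered.get(name.lower())
        if raw is not None and raw.strip():
            findings.append(Finding(header=name, value=raw.strip()))
    return findings


# Constructed sample responses (not real captures).
RAW_PROD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: nginx\r\n\r\n"
RAW_DEV = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "x-debug-token:   7a1b2c  \r\n"
    "X-Debug-Token-Link: http://app.example/_profiler/7a1b2c\r\n"
    "\r\n<html></html>"
)
RAW_BLANK = "HTTP/1.1 200 OK\r\nX-Debug-Token:    \r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("prod", RAW_PROD), ("dev", RAW_DEV)):
        print(label, find_debug_headers(parse_response_headers(raw)))
```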
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.