Shopify Summary: A staging instance of the application was available with no authentication at shardm-reader.chi2.shopify.io. Since this instance had verbose errors turned on, any error message would contain information about the application's environment variables, and part of the stack trace with application source code.
Visiting the URL returned a verbose error with the following file paths disclosed :
lib/patches/mysql_monitoring.rb:19:in connect'
lib/patches/mysql_monitoring.rb:19:inblock in raw_connect_with_monitoring'
lib/patches/mysql_monitoring.rb:18:in raw_connect_with_monitoring'
lib/routing/connection.rb:15:inconnection'
app/models/concerns/benchmarking.rb:15:in block (2 levels) in add_benchmark_around_method'
app/models/concerns/benchmarking.rb:24:inwith_benchmark'
app/models/concerns/benchmarking.rb:14:in block in add_benchmark_around_method'
app/models/shop.rb:619:infor_domain'
app/controllers/application_controller.rb:303:in shop_for'
app/controllers/application_controller.rb:96:inwith_shop_fallback'
app/controllers/application_controller.rb:87:in with_shop'
app/controllers/application_controller.rb:73:inset_billing_api_request_id'
app/controllers/application_controller.rb:64:in add_request_id_to_log_context'
app/controllers/application_controller.rb:245:inconditionally_enable_debug_log'
app/controllers/application_controller.rb:54:in block in identity_cache_memoization'
app/controllers/application_controller.rb:54:inidentity_cache_memoization'
/artifacts/ruby/2.2.0/bundler/gems/statsd-instrument-50b2496ea65b/lib/statsd/instrument.rb:284:in call'
/artifacts/ruby/2.2.0/bundler/gems/statsd-instrument-50b2496ea65b/lib/statsd/instrument.rb:284:inblock in measure'
/artifacts/ruby/2.2.0/bundler/gems/statsd-instrument-50b2496ea65b/lib/statsd/instrument.rb:53:in duration'
/artifacts/ruby/2.2.0/bundler/gems/statsd-instrument-50b2496ea65b/lib/statsd/instrument.rb:284:inmeasure'
/artifacts/ruby/2.2.0/bundler/gems/statsd-instrument-50b2496ea65b/lib/statsd/instrument.rb:75:in block (3 levels) in statsd_measure'
/artifacts/ruby/2.2.0/bundler/gems/statsd-instrument-50b2496ea65b/lib/statsd/instrument.rb:284:incall'
/artifacts/ruby/2.2.0/bundler/gems/statsd-instrument-50b2496ea65b/lib/statsd/instrument.rb:284:in block in measure'
/artifacts/ruby/2.2.0/bundler/gems/statsd-instrument-50b2496ea65b/lib/statsd/instrument.rb:53:induration'
/artifacts/ruby/2.2.0/bundler/gems/statsd-instrument-50b2496ea65b/lib/statsd/instrument.rb:284:in measure'
/artifacts/ruby/2.2.0/bundler/gems/statsd-instrument-50b2496ea65b/lib/statsd/instrument.rb:75:inblock (2 levels) in statsd_measure'
semian (0.4.1) lib/semian/mysql2.rb:82:in `block in connect'
DigitalSellz - Verbose SQL Error Message
Verbose error messages are returned when sql errors occur revealing backend information including SQL column and query information as well as PHP file location.
