Shopify Summary: A staging instance of the application was available with no authentication at shardm-reader.chi2.shopify.io. Since this instance had verbose errors turned on, any error message would contain information about the application's environment variables, and part of the stack trace with application source code.
Visiting the URL returned a verbose error with the following file paths disclosed :
Verbose error messages are returned when sql errors occur revealing backend information including SQL column and query information as well as PHP file location.
