Rails Database Configuration File Exposure
Ruby on Rails applications store database configuration information in a file named config/database.yml. By default it contains three configurations: production, development, and test. The information stored in this file is highly sensitive and should not be found in a production system.
Attackers can enumerate the host system and the ruby configuration viewing this file.