@paresh_parmar discovered an error page that was disclosing the value of the
secret_key_base key of customers.gitlab.com to unauthenticated users, which would have allowed an attacker to arbitrarily decrypt signed cookies.
So i was fuzzing one parameter with different type of encodings. And one character threw error page .that page has secret token (rails)of application.
you can get RCE using secret key base token. BUT in this case serialization was json
action_dispatch.cookies_serializer"=>:json so RCE was not possible that time. still you can do lots of stuff with
secret_key_base of application, depends on the application logic.
Similar issue by @bugdiscloseguys At : https://blog.harshjaiswal.com/rce-due-to-showexceptions