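# Detection template: checks whether rack-mini-profiler answers the
# `?pp=env` query on the application root without any credentials.
# The nesting below is restored from a flattened blame listing; the
# original rendering interleaved blame timestamps with the template lines.
id: rack-mini-profiler

info:
  name: rack-mini-profiler - Environment Information Disclosure
  author: vzamanillo
  severity: high
  description: rack-mini-profiler is prone to environmental information disclosure which could help an attacker formulate additional attacks.
  metadata:
    # One HTTP request is sent per target.
    max-request: 1
  tags: config,debug,rails,misconfig

# Triage note: a match means the profiler's debug endpoint is reachable by
# the scanner. Treat anything shown on that page as exposed and review it
# for secrets before deciding on rotation.
# Mitigation: keep the profiler out of production, or gate it behind
# explicit authorization (rack-mini-profiler's `authorization_mode`
# setting together with a per-request authorize call) - confirm the exact
# option names against the gem version in use.
http:
  - method: GET
    path:
      - "{{BaseURL}}/?pp=env"

    # Both matchers must hold, so an error page that merely echoes the
    # phrase with a non-200 status is not reported.
    matchers-condition: and
    matchers:
      # Heading text the profiler prints on its environment dump page.
      - type: word
        words:
          - "Rack Environment"

      - type: status
        status:
          - 200
# NOTE(review): the digest line appears to sign the template content, so
# any edit (comments included) presumably needs a re-sign before signature
# verification will pass - confirm against the signing workflow in use.
# digest: 490a004630440220013a9738b2902ee1c439bc423dcb7582a024293cfb30854ccbdb45f03b341d4d0220749e9f34c86797db2f41037959f1a54cb8f7d8cf8576d26dfe0c675eb46aec73:922c64590222798bb761d5b6d8e72950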