From 5a8dc91f52df545a7f3970b0c83c1b8b260220d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADctor=20Zamanillo?=
Date: Sun, 31 May 2020 17:39:48 +0200
Subject: [PATCH 1/2] rack-mini-profiler environment information discloure detection template
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Ruby Rack based web applications using rack-mini-profiler without access control can show application’s environment details
---
 .../rack-miniprofiler.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 security-misconfiguration/rack-miniprofiler.yaml

diff --git a/security-misconfiguration/rack-miniprofiler.yaml b/security-misconfiguration/rack-miniprofiler.yaml
new file mode 100644
index 0000000000..57f6ede976
--- /dev/null
+++ b/security-misconfiguration/rack-miniprofiler.yaml
@@ -0,0 +1,18 @@
+id: rack-miniprofiler
+
+info:
+ name: rack-mini-profiler environmnet information discloure
+ author: vzamanillo
+ severity: high
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/?pp=env"
+ matchers:
+ - type: word
+ words:
+ - "Rack Environment"
+ - type: status
+ status:
+ - 200

From 18592de7f9d9c9d988ae7e708b2d3490c555060b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADctor=20Zamanillo?=
Date: Mon, 1 Jun 2020 20:47:29 +0200
Subject: [PATCH 2/2] Typo in gem name

---
 .../{rack-miniprofiler.yaml => rack-mini-profiler.yaml} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename security-misconfiguration/{rack-miniprofiler.yaml => rack-mini-profiler.yaml} (92%)

diff --git a/security-misconfiguration/rack-miniprofiler.yaml b/security-misconfiguration/rack-mini-profiler.yaml
similarity index 92%
rename from security-misconfiguration/rack-miniprofiler.yaml
rename to security-misconfiguration/rack-mini-profiler.yaml
index 57f6ede976..65b18b7dc7 100644
--- a/security-misconfiguration/rack-miniprofiler.yaml
+++ b/security-misconfiguration/rack-mini-profiler.yaml
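Review bot: The `matchers:` list in the new template has no `matchers-condition`, and nuclei's default for that field is `or`, so the `type: status` / `200` matcher on its own makes this template report every host that returns a 200 for `/?pp=env` whether or not the profiler is present, which is a near-certain false positive on any live site. Add `matchers-condition: and` directly under `matchers:` so the response must both be a 200 and contain `Rack Environment`; keeping the status check at all only makes sense once it is AND-ed. The `info.name` value also carries two typos (`environmnet`, `discloure`) that will appear verbatim in scan output; `name: rack-mini-profiler environment information disclosure`. It would also help readers to record in a comment why this is rated `high`: if the `?pp=env` page dumps process environment variables along with the Rack env (worth confirming against the gem's source), an unauthenticated hit can expose credentials such as database URLs or secret keys, not just framework details.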
@@ -1,4 +1,4 @@
-id: rack-miniprofiler
+id: rack-mini-profiler
 
 info:
 name: rack-mini-profiler environmnet information discloure