id: rack-mini-profiler

info:
  name: rack-mini-profiler - Environment Information Disclosure
  author: vzamanillo
  severity: high
  description: rack-mini-profiler is prone to environmental information disclosure which could help an attacker formulate additional attacks.
  tags: config,debug,rails,misconfig
  metadata:
    max-request: 1

http:
  - method: GET
    path:
      - "{{BaseURL}}/?pp=env"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Rack Environment"

      - type: status
        status:
          - 200