id: rack-mini-profiler

info:
  name: rack-mini-profiler - Environment Information Disclosure
  author: vzamanillo
  severity: high
  description: rack-mini-profiler is prone to environmental information disclosure which could help an attacker formulate additional attacks.
  metadata:
    max-request: 1
  tags: config,debug,rails,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/?pp=env"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Rack Environment"

      - type: status
        status:
          - 200

# digest: 490a004630440220013a9738b2902ee1c439bc423dcb7582a024293cfb30854ccbdb45f03b341d4d0220749e9f34c86797db2f41037959f1a54cb8f7d8cf8576d26dfe0c675eb46aec73:922c64590222798bb761d5b6d8e72950