Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "rack-mini-profiler - Environment Information Disclosure" module is designed to detect environmental information disclosure vulnerabilities in the rack-mini-profiler software. This vulnerability could potentially assist an attacker in formulating additional attacks. The severity of this vulnerability is classified as high. The original author of this module is vzamanillo.
An environmental information disclosure vulnerability in rack-mini-profiler could expose sensitive information about the application's environment. This information could be leveraged by attackers to gain insights into the system's configuration and potentially exploit other vulnerabilities.
The module works by sending an HTTP GET request to the path "/?pp=env" and then applying matching conditions to determine if the vulnerability is present. The matching conditions for this module include:
- Checking if the response contains the phrase "Rack Environment" - Verifying that the response status code is 200If both matching conditions are met, the module will report the vulnerability.
Example HTTP request:
GET /?pp=env
Note: The "max-request" metadata for this module is set to 1, indicating that only one request will be made during the scanning process.