
rack-mini-profiler - Environment Information Disclosure

By kannthu

High
Vidoc Module
#config #debug #rails
Description

What is "rack-mini-profiler - Environment Information Disclosure"?

The "rack-mini-profiler - Environment Information Disclosure" module detects environment information disclosure in rack-mini-profiler. The disclosed information could help an attacker formulate additional attacks. The severity of this vulnerability is classified as high. The original author of this module is vzamanillo.

Impact

Environment information disclosure in rack-mini-profiler could expose sensitive information about the application's environment. Attackers could use this information to gain insight into the system's configuration and potentially exploit other vulnerabilities.

How does the module work?

The module sends an HTTP GET request to the path "/?pp=env" and applies matching conditions to the response to determine whether the vulnerability is present. The matching conditions for this module are:

- Checking if the response contains the phrase "Rack Environment"
- Verifying that the response status code is 200

If both matching conditions are met, the module will report the vulnerability.

Example HTTP request:

GET /?pp=env

Note: The "max-request" metadata for this module is set to 1, indicating that only one request will be made during the scanning process.
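To check whether this request has already reached your own application, the sketch below scans web server access logs for GET requests carrying pp=env and separates those answered with status 200. It is an added example, not part of the Vidoc module; the common/combined log format, the sample lines and the function names are assumptions, and it flags the parameter on any path, which goes beyond the single "/" path the module requests.

```ruby
require "uri"

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_LINE = /\A(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<target>\S+) [^"]*" (?<status>\d{3}) /

# True when the query string carries pp=env, in any position and
# whether or not the value is percent-encoded.
def pp_env_request?(target)
  query = target.split("?", 2)[1].to_s
  URI.decode_www_form(query).any? { |k, v| k == "pp" && v == "env" }
rescue ArgumentError
  false # malformed percent-encoding or non-ASCII target
end

# Groups pp=env requests by outcome. Status 200 is one of the module's two
# matching conditions; the response body ("Rack Environment") is not in an
# access log, so a :served hit is a lead to verify, not a confirmation.
def scan_access_log(lines)
  hits = { served: [], other: [] }
  lines.each do |line|
    m = LOG_LINE.match(line)
    next unless m && m[:method] == "GET" && pp_env_request?(m[:target])

    entry = { ip: m[:ip], time: m[:time], target: m[:target], status: m[:status].to_i }
    hits[entry[:status] == 200 ? :served : :other] << entry
  end
  hits
end

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
  '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /?pp=env HTTP/1.1" 200 18432 "-" "scanner"',
  '203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /?pp=help HTTP/1.1" 200 2210 "-" "scanner"',
  '198.51.100.4 - - [12/Mar/2024:10:05:40 +0000] "GET /orders?page=2&pp=%65nv HTTP/1.1" 404 512 "-" "curl"',
  '198.51.100.9 - - [12/Mar/2024:10:06:11 +0000] "GET /search?q=app=env HTTP/1.1" 200 900 "-" "Mozilla"'
].freeze

if __FILE__ == $PROGRAM_NAME
  result = scan_access_log(SAMPLE_LOG)
  result[:served].each { |h| puts "SERVED #{h[:time]} #{h[:ip]} #{h[:target]}" }
  result[:other].each { |h| puts "OTHER  #{h[:time]} #{h[:ip]} #{h[:target]} (#{h[:status]})" }
end
```
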

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /?pp=env
Matching conditions
word: Rack Environment
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability