Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

rack-mini-profiler - Environment Information Disclosure

By kannthu

Vidoc logoVidoc Module

What is "rack-mini-profiler - Environment Information Disclosure?"

The "rack-mini-profiler - Environment Information Disclosure" module is designed to detect environmental information disclosure vulnerabilities in the rack-mini-profiler software. This vulnerability could potentially assist an attacker in formulating additional attacks. The severity of this vulnerability is classified as high. The original author of this module is vzamanillo.


An environmental information disclosure vulnerability in rack-mini-profiler could expose sensitive information about the application's environment. This information could be leveraged by attackers to gain insights into the system's configuration and potentially exploit other vulnerabilities.

How does the module work?

The module works by sending an HTTP GET request to the path "/?pp=env" and then applying matching conditions to determine if the vulnerability is present. The matching conditions for this module include:

- Checking if the response contains the phrase "Rack Environment" - Verifying that the response status code is 200

If both matching conditions are met, the module will report the vulnerability.

Example HTTP request:

GET /?pp=env

Note: The "max-request" metadata for this module is set to 1, indicating that only one request will be made during the scanning process.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: Rack Environmentand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability