nuclei-templates/http/misconfiguration/springboot/springboot-features.yaml

42 lines
1.0 KiB
YAML
Raw Permalink Normal View History

2022-10-17 03:37:07 +00:00
id: springboot-features
info:
2022-10-21 11:41:08 +00:00
name: Detects Springboot Features Actuator
2022-10-17 03:37:07 +00:00
author: DhiyaneshDK
severity: low
2024-01-03 06:08:41 +00:00
description: Springboot Features Actuator is exposed.
2022-10-17 03:37:07 +00:00
metadata:
verified: true
2023-10-14 11:27:55 +00:00
max-request: 2
2022-10-17 03:37:07 +00:00
shodan-query: title:"Eureka"
2022-10-17 10:34:52 +00:00
tags: misconfig,springboot,exposure
2022-10-17 03:37:07 +00:00
http:
2022-10-17 03:37:07 +00:00
- method: GET
path:
- "{{BaseURL}}/features"
- "{{BaseURL}}/actuator/features"
stop-at-first-match: true
2023-10-14 11:27:55 +00:00
2022-10-17 03:37:07 +00:00
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"enabled":['
- '"disabled":['
condition: and
- type: word
part: header
words:
- "application/json"
- "application/vnd.spring-boot.actuator"
- "application/vnd.spring-boot.actuator.v1+json"
condition: or
- type: status
status:
- 200
# digest: 490a0046304402202148285274425bd783ee3c14e44b4221e3f006026bad790d69bd4f9889b12462022047c94bb906bd56654d978ad028b38d342c318ddf2dd37a25f4f778cfe43b0d70:922c64590222798bb761d5b6d8e72950