nuclei-templates/misconfiguration/springboot/springboot-env.yaml

34 lines
809 B
YAML
Raw Normal View History

2021-01-28 17:43:50 +00:00
id: springboot-env
info:
name: Detect Springboot Env Actuator
author: that_juan_ & dwisiswant0 & wdahlenb
severity: high
description: Sensitive environment variables may not be masked
requests:
- method: GET
path:
- "{{BaseURL}}/env"
- "{{BaseURL}}/actuator/env"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "JAVA_HOME"
- "sping.config.location"
- "spring.application.name"
- "local.server.port"
condition: or
- type: status
status:
- 200
- type: word
words:
- "application/json"
- "application/vnd.spring-boot.actuator"
2021-01-28 15:56:38 +00:00
- "application/vnd.spring-boot.actuator.v1+json"
condition: or
part: header