nuclei-templates/misconfiguration/springboot/springboot-heapdump.yaml

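# Detection template: checks whether a Spring Boot heap dump actuator endpoint
# answers an unauthenticated GET. Per the description below, an HPROF dump can
# contain environment variables and HTTP requests, so a hit should be treated
# as exposure of whatever secrets the process held in memory.
#
# Remediation for a confirmed finding: do not expose the heapdump endpoint over
# HTTP (see management.endpoints.web.exposure.include/exclude), or put the
# actuator paths behind authentication, and rotate credentials that may have
# been in the dumped heap.
id: springboot-heapdump

info:
  name: Detect Springboot Heapdump Actuator
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: critical
  description: Environment variables and HTTP requests can be found in the HPROF

requests:
  - method: GET
    # Both locations are probed: the bare path and the /actuator-prefixed one.
    path:
      - "{{BaseURL}}/heapdump"
      - "{{BaseURL}}/actuator/heapdump"

    # Every matcher below must succeed; each one alone is too weak and would
    # flag ordinary downloads or error pages.
    matchers-condition: and
    matchers:
      # Body must contain one of the dump signatures (hex-encoded bytes).
      - type: binary
        part: body
        binary:
          - "4a4156412050524f46494c45"  # ASCII "JAVA PROFILE" (HPROF header text)
          - "4850524f46"  # ASCII "HPROF"
          - "1f8b080000000000"  # gzip header: magic 1f8b, deflate, no flags, zero mtime
        condition: or

      - type: status
        status:
          - 200

      # Response headers must carry a binary or actuator content type.
      - type: word
        words:
          - "application/octet-stream"
          - "application/vnd.spring-boot.actuator"
          # Already covered by the shorter entry above (substring match);
          # kept for readability.
          - "application/vnd.spring-boot.actuator.v1+json"
        condition: or
        part: header

      # Size floor: a real heap dump is large, so require at least 100000
      # bytes either in the body actually read or in the declared length.
      - type: dsl
        dsl:
          - "len(body) >= 100000"
          - "content_length >= 100000"
        condition: or
        # NOTE(review): the dsl expressions name their own variables, so this
        # part setting looks unused here; confirm before removing.
        part: header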