New Templates added (#3913)
* Add files via upload * Auto Generated CVE annotations [Wed Mar 16 11:29:14 UTC 2022] 🤖 * Auto Generated New Template Addition List [Wed Mar 16 13:48:01 UTC 2022] 🤖 * moving templates into jolokia directory * duplicate of jolokia-unauthenticated-lfi * merged similar templates into one with updated matchers * Auto Generated New Template Addition List [Wed Mar 23 10:21:57 UTC 2022] 🤖 * Delete .new-additions * Auto Generated New Template Addition List [Wed Mar 23 10:22:29 UTC 2022] 🤖 * conflict update * Auto Generated New Template Addition List [Wed Mar 23 10:23:39 UTC 2022] 🤖 Co-authored-by: GitHub Action <action@github.com> Co-authored-by: sandeep <sandeep@projectdiscovery.io>patch-1
parent
468709381b
commit
c6e264a04e
|
@ -0,0 +1,73 @@
|
|||
id: jolokia-info-disclosure
|
||||
|
||||
info:
|
||||
name: Jolokia - Information disclosure
|
||||
author: pussycat0x
|
||||
severity: medium
|
||||
reference:
|
||||
- https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
|
||||
- https://github.com/laluka/jolokia-exploitation-toolkit
|
||||
tags: jolokia,springboot,mbean,tomcat
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationName"
|
||||
- "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVendor"
|
||||
- "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVersion"
|
||||
- "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/MBeanServerId"
|
||||
- "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationName"
|
||||
- "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVendor"
|
||||
- "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVersion"
|
||||
- "{{BaseURL}}/actuator/jolokia/read/java.lang:type=Memory"
|
||||
- "{{BaseURL}}/jolokia/read/java.lang:type=Memory"
|
||||
- "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationName"
|
||||
- "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVendor"
|
||||
- "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVersion"
|
||||
- "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/MBeanServerId"
|
||||
- "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationName"
|
||||
- "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVendor"
|
||||
- "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVersion"
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
name: memory
|
||||
words:
|
||||
- '"java.lang:type=Memory"'
|
||||
|
||||
- type: word
|
||||
name: implementation-vendor
|
||||
words:
|
||||
- '"attribute":"ImplementationVendor"'
|
||||
|
||||
- type: word
|
||||
name: implementation-version
|
||||
words:
|
||||
- '"attribute":"ImplementationVersion"'
|
||||
|
||||
- type: word
|
||||
name: implementation-name
|
||||
words:
|
||||
- '"attribute":"ImplementationName"'
|
||||
|
||||
- type: word
|
||||
name: specification-vendor
|
||||
words:
|
||||
- '"attribute":"SpecificationVendor"'
|
||||
|
||||
- type: word
|
||||
name: mbean-serverid
|
||||
words:
|
||||
- '"attribute":"MBeanServerId"'
|
||||
|
||||
- type: word
|
||||
name: specification-name
|
||||
words:
|
||||
- '"attribute":"SpecificationName"'
|
||||
|
||||
- type: word
|
||||
name: specification-version
|
||||
words:
|
||||
- '"attribute":"SpecificationVersion'
|
|
@ -0,0 +1,28 @@
|
|||
id: jolokia-list
|
||||
|
||||
info:
|
||||
name: Jolokia - List
|
||||
author: pussycat0x
|
||||
severity: low
|
||||
reference:
|
||||
- https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
|
||||
- https://github.com/laluka/jolokia-exploitation-toolkit
|
||||
tags: jolokia,springboot,tomcat
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/jolokia/list"
|
||||
- "{{BaseURL}}/actuator/jolokia/list"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"type":"list"'
|
|
@ -0,0 +1,30 @@
|
|||
id: jolokia-mbean-search
|
||||
|
||||
info:
|
||||
name: Jolokia -Searching MBeans
|
||||
author: pussycat0x
|
||||
severity: low
|
||||
reference:
|
||||
- https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
|
||||
- https://github.com/laluka/jolokia-exploitation-toolkit
|
||||
tags: jolokia,springboot,mbean,tomcat
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/jolokia/search/*:test=test"
|
||||
- "{{BaseURL}}/actuator/jolokia/search/*:test=test"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"type":"search"'
|
||||
- '"value":'
|
||||
condition: and
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
|
||||
- https://github.com/laluka/jolokia-exploitation-toolkit
|
||||
tags: jolokia,lfi
|
||||
tags: jolokia,springboot,tomcat,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
Loading…
Reference in New Issue