id: jolokia-info-disclosure info: name: Jolokia - Information disclosure author: pussycat0x severity: medium reference: - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/ - https://github.com/laluka/jolokia-exploitation-toolkit tags: jolokia,springboot,mbean,tomcat requests: - method: GET path: - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationName" - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVendor" - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVersion" - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/MBeanServerId" - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationName" - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVendor" - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVersion" - "{{BaseURL}}/actuator/jolokia/read/java.lang:type=Memory" - "{{BaseURL}}/jolokia/read/java.lang:type=Memory" - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationName" - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVendor" - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVersion" - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/MBeanServerId" - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationName" - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVendor" - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVersion" matchers-condition: or matchers: - type: word name: memory words: - '"mbean":"java.lang:type=Memory"' - type: word name: implementation-vendor words: - '"attribute":"ImplementationVendor"' - type: word name: implementation-version words: - '"attribute":"ImplementationVersion"' - type: word name: implementation-name words: - '"attribute":"ImplementationName"' - type: word name: specification-vendor words: - '"attribute":"SpecificationVendor"' - type: word name: mbean-serverid words: - '"attribute":"MBeanServerId"' - type: word name: specification-name words: - '"attribute":"SpecificationName"' - type: word name: specification-version words: - '"attribute":"SpecificationVersion'