id: exposed-alps-spring info: name: Exposed Spring Data REST Application-Level Profile Semantics (ALPS) author: dwisiswant0 severity: medium tags: file,exposures reference: https://niemand.com.ar/2021/01/08/exploiting-application-level-profile-semantics-apls-from-spring-data-rest/ requests: - method: GET path: - "{{BaseURL}}/profile" - "{{BaseURL}}/api/profile" - "{{BaseURL}}/alps/profile" matchers-condition: and matchers: - type: word words: - "_links" - "/alps/" - "profile" condition: and part: body - type: word words: - "application/hal+json" part: header - type: status status: - 200