nuclei-templates/http/misconfiguration/springboot/springboot-configprops.yaml

38 lines
893 B
YAML

id: springboot-configprops
info:
name: Detect Springboot Configprops Actuator
author: that_juan_,dwisiswant0,wdahlenb
severity: low
description: Sensitive environment variables may not be masked
tags: springboot,exposure,misconfig
metadata:
max-request: 2
http:
- method: GET
path:
- "{{BaseURL}}/configprops"
- "{{BaseURL}}/actuator/configprops"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "org.springframework.boot.actuate"
- "beans"
- "contexts"
condition: and
- type: status
status:
- 200
- type: word
words:
- "application/json"
- "application/vnd.spring-boot.actuator"
- "application/vnd.spring-boot.actuator.v1+json"
condition: or
part: header