exposed-alps-spring: Exposed Spring Data REST Application-Level Profile Semantics (ALPS)

Date: 2025-08-01 | Affected software: exposed-alps-spring | PoC: public

Vulnerability description

The Spring Data REST Application-Level Profile Semantics (ALPS) endpoint is exposed.

PoC code [public]

id: exposed-alps-spring

info:
  name: Exposed Spring Data REST Application-Level Profile Semantics (ALPS)
  author: dwisiswant0
  severity: medium
  description: Exposed Spring Data profile semantics is exposed.
  reference:
    - https://niemand.com.ar/2021/01/08/exploiting-application-level-profile-semantics-apls-from-spring-data-rest/
  metadata:
    max-request: 3
  tags: exposure,spring,files,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/profile"
      - "{{BaseURL}}/api/profile"
      - "{{BaseURL}}/alps/profile"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "_links"
          - "/alps/"
          - "profile"
        condition: and
        part: body

      - type: word
        words:
          - "application/hal+json"
        part: header

      - type: status
        status:
          - 200
# digest: 490a00463044022013683171125394c32e8eafb36866a18b7bc62af2462a0c610f5e04b0007e0ae7022078f23723771230a7ee786f7ac63fd749d2162473ef814f0323670d323dd581e5:922c64590222798bb761d5b6d8e72950