漏洞描述
Sensitive environment variables may not be masked
springboot-env: Springboot Env Actuator - Detect
PoC代码[已公开]
id: springboot-env
info:
name: Springboot Env Actuator - Detect
author: that_juan_,dwisiswant0,wdahlenb,philippedelteil,stupidfish
severity: low
description: Sensitive environment variables may not be masked
metadata:
max-request: 4
tags: misconfig,springboot,env,exposure,vuln
http:
- method: GET
path:
- "{{BaseURL}}/env"
- "{{BaseURL}}/actuator/env"
- "{{BaseURL}}/actuator;/env;"
- "{{BaseURL}}/message-api/actuator/env"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "applicationConfig"
- "activeProfiles"
condition: or
- type: word
part: body
words:
- "server.port"
- "local.server.port"
condition: or
- type: word
part: header
words:
- "application/json"
- "application/vnd.spring-boot.actuator"
- "application/vnd.spring-boot.actuator.v1+json"
- "application/vnd.spring-boot.actuator.v2+json"
- "application/vnd.spring-boot.actuator.v3+json"
condition: or
- type: status
status:
- 200
# digest: 4a0a00473045022056e57840cc56ae6782bc4fe95e62a3eb07b341bfc1d8a7b34d903a1bdef414f4022100d1f375e4dca5395b85369e3e4737ed19d4b80ddbbcea8be8b80e7b2373e85ba0:922c64590222798bb761d5b6d8e72950