漏洞描述
The integrationgraph endpoint exposes a graph containing all Spring Integration components.
springboot-integrationgraph: Springboot Actuator integrationgraph
PoC代码[已公开]
id: springboot-integrationgraph
info:
name: Springboot Actuator integrationgraph
author: ELSFA7110
severity: low
description: |
The integrationgraph endpoint exposes a graph containing all Spring Integration components.
reference:
- https://docs.spring.io/spring-boot/docs/current/actuator-api/htmlsingle/
metadata:
verified: true
max-request: 2
tags: misconfig,springboot,exposure,vuln
http:
- method: GET
path:
- "{{BaseURL}}/integrationgraph"
- "{{BaseURL}}/actuator/integrationgraph"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "provider"
- "integrationPatternType"
condition: and
- type: word
part: header
words:
- "application/json"
- "application/vnd.spring-boot.actuator"
- "application/vnd.spring-boot.actuator.v1+json"
- "application/vnd.spring-boot.actuator.v2+json"
- "application/vnd.spring-boot.actuator.v3+json"
condition: or
- type: status
status:
- 200
# digest: 480a00453043021f089f63db6c063ceec452ba54d488328781d71260c87133a8d3f92fce33ed6a022031fb3e86c3046b6cba53144c98967e104c12cadeb9192c43d7f6002fbbdb1af3:922c64590222798bb761d5b6d8e72950