springboot-mappings: Detect Springboot Mappings Actuator

日期: 2025-08-01 | 影响软件: springboot | POC: 已公开

漏洞描述

Additional routes may be displayed

PoC代码[已公开]

id: springboot-mappings

info:
  name: Detect Springboot Mappings Actuator
  author: that_juan_,dwisiswant0,wdahlenb
  severity: low
  description: Additional routes may be displayed
  metadata:
    max-request: 2
  tags: springboot,exposure,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/mappings"
      - "{{BaseURL}}/actuator/mappings"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "mappings"
          - "method"
          - "produces"
        condition: and

      - type: word
        part: header
        words:
          - "application/json"
          - "application/vnd.spring-boot.actuator"
          - "application/vnd.spring-boot.actuator.v1+json"
        condition: or

      - type: status
        status:
          - 200
# digest: 490a00463044022035148ef4e912d907edfe4548e34460331c55eeaf19e2f7530856ec174b01d8d402203a46499700210625862e1421fac34228bb47f629ead62ccb227629d387f10a3c:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/springboot/springboot-mappings.yaml

相关漏洞推荐