springboot-trace: Detect Springboot Trace Actuator

Date: 2025-08-01 | Affected software: springboot | PoC: public

Vulnerability description

The Spring Boot trace actuator endpoint (/trace) is exposed, so recent HTTP requests and responses can be viewed.

PoC code [public]

id: springboot-trace

info:
  name: Detect Springboot Trace Actuator
  author: that_juan_,dwisiswant0,wdahlenb
  severity: low
  description: View recent HTTP requests and responses
  metadata:
    max-request: 1
  tags: misconfig,springboot,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/trace"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"timestamp"'
          - '"info"'
          - '"method"'
          - '"path"'
        condition: and

      - type: word
        part: header
        words:
          - "application/json"
          - "application/vnd.spring-boot.actuator"
          - "application/vnd.spring-boot.actuator.v1+json"
          - "application/vnd.spring-boot.actuator.v2+json"
          - "application/vnd.spring-boot.actuator.v3+json"
        condition: or

      - type: status
        status:
          - 200
# digest: 490a00463044022047274e84b12eb16842a30e373cad309cc5c35e6d0d78172bafffc96884a52c2902203c7a17982437278ad2033aa1c0f2dec25a6f1971a92a3e32607b0e3d0f4f2780:922c64590222798bb761d5b6d8e72950
