Detect Springboot Conditions Actuator

By kannthu

Low
Vidoc Module
#misconfig #springboot #exposure
Description

What is the "Detect Springboot Conditions Actuator" module?

The "Detect Springboot Conditions Actuator" module is designed to detect potential misconfigurations in Spring Boot applications. It specifically targets the Spring Boot Actuator's "/conditions" and "/actuator/conditions" endpoints. This module has a low severity level and was authored by DhiyaneshDK.

Impact

This module helps identify misconfigurations in Spring Boot applications, which can potentially expose sensitive information or lead to security vulnerabilities. By detecting these conditions, developers can take appropriate measures to secure their applications and prevent potential attacks.

How does the module work?

The "Detect Springboot Conditions Actuator" module works by sending HTTP requests to the "/conditions" and "/actuator/conditions" endpoints of a Spring Boot application. It then applies matching conditions to determine if any misconfigurations are present.

Here is an example of an HTTP request sent by the module:

GET /conditions
Host: example.com

The module uses the following matching conditions:

- The response body must contain both of the strings "\"positiveMatches\":{" and "\"unconditionalClasses\":[".
- The response must carry one of the following content types: "application/json", "application/vnd.spring-boot.actuator", or "application/vnd.spring-boot.actuator.v1+json".
- The response status code must be 200.

If all of these conditions are met, the module will report a potential misconfiguration in the Spring Boot application.
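The three matchers above are easy to reproduce locally, which is useful when you want to confirm whether one of your own Spring Boot deployments would trip this check before a scanner does. The following Python is an added example written for this page, not Vidoc's module code; the `Response` class, the `matches` and `scan` functions and the sample responses are all constructed here for illustration.

```python
"""Replicates the module's three matching conditions against HTTP responses.

Added example, not Vidoc's own implementation. The sample responses below are
constructed to illustrate one exposed and one non-exposed actuator endpoint.
"""
from dataclasses import dataclass

# Matchers exactly as the module page lists them (all three must hold).
BODY_MARKERS = ('"positiveMatches":{', '"unconditionalClasses":[')
CONTENT_TYPES = (
    "application/json",
    "application/vnd.spring-boot.actuator",
    "application/vnd.spring-boot.actuator.v1+json",
)
PATHS = ("/conditions", "/actuator/conditions")


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (hypothetical helper type)."""
    status: int
    headers: dict  # header name -> value
    body: str


def matches(resp: Response) -> bool:
    """True when body markers, content type and status all match (AND)."""
    # 1. both JSON markers must appear in the body
    if not all(marker in resp.body for marker in BODY_MARKERS):
        return False
    # 2. Content-Type must contain one of the actuator media types
    #    (substring match, so a ".v3+json" variant still matches)
    ctype = next((v for k, v in resp.headers.items()
                  if k.lower() == "content-type"), "")
    if not any(ct in ctype for ct in CONTENT_TYPES):
        return False
    # 3. status must be 200
    return resp.status == 200


def scan(responses: dict) -> list:
    """Given {path: Response} for the probed paths, return the exposed ones."""
    return [p for p in PATHS if p in responses and matches(responses[p])]


# Constructed sample: a realistic-looking /actuator/conditions body.
EXPOSED = Response(
    status=200,
    headers={"Content-Type": "application/vnd.spring-boot.actuator.v3+json"},
    body=('{"contexts":{"application":{"positiveMatches":{'
          '"AuditAutoConfiguration":[{"condition":"OnBeanCondition"}]},'
          '"negativeMatches":{},'
          '"unconditionalClasses":["org.springframework.boot.autoconfigure.'
          'context.PropertyPlaceholderAutoConfiguration"]}}}'),
)

# Constructed sample: a 200 HTML login page that should NOT be reported.
LOGIN_PAGE = Response(
    status=200,
    headers={"Content-Type": "text/html;charset=UTF-8"},
    body="<html><body><form action='/login'>...</form></body></html>",
)

# Constructed sample set: legacy path is gone, current path is exposed.
SAMPLE = {
    "/conditions": Response(404, {"Content-Type": "application/json"},
                            '{"status":404,"error":"Not Found"}'),
    "/actuator/conditions": EXPOSED,
}

if __name__ == "__main__":
    print("exposed paths:", scan(SAMPLE))
```

A hit from `scan` means the auto-configuration report is readable without authentication. The usual remediation on the application side is to restrict which actuator endpoints are exposed over HTTP with Spring Boot's `management.endpoints.web.exposure.include` property (for example limiting it to `health,info`) and to put the remaining endpoints behind authentication.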

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /conditions
GET /actuator/conditions
Matching conditions
word: "positiveMatches":{, "unconditionalClass...and
word: application/json, application/vnd.spring...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability