
Spring Boot Actuators (Jolokia) XXE

By kannthu

Severity: High
Vidoc Module
Tags: #springboot #jolokia #xxe
Description

What is the "Spring Boot Actuators (Jolokia) XXE" module?

The "Spring Boot Actuators (Jolokia) XXE" module is a vulnerability detection module for the Vidoc platform. It targets Spring Boot Actuator deployments and specifically the "jolokia" endpoint, detecting XXE (XML External Entity) vulnerabilities reachable through it. XXE vulnerabilities can allow attackers to read sensitive files, perform server-side request forgery (SSRF), or execute arbitrary code.

This module has a severity level of high, indicating that the vulnerability it detects can have a significant impact on the security of the system.

Impact

An XXE vulnerability in the Spring Boot Actuators (Jolokia) software can lead to various security risks, including:

- Unauthorized access to sensitive files
- Exposure of sensitive information
- Potential server-side request forgery (SSRF) attacks
- Possible remote code execution

It is crucial to address this vulnerability promptly to prevent potential exploitation and protect the system from unauthorized access and data breaches.

How does the module work?

The "Spring Boot Actuators (Jolokia) XXE" module works by sending HTTP requests to the targeted software and analyzing the responses based on predefined matching conditions. It specifically targets the following endpoints:

/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml
/actuator/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/random:915!/logback.xml

The module checks the response body for all of the following words: "http:\/\/nonexistent:31337\/logback.xml", "reloadByURL", and "JoranException" (the conditions are combined with "and", so every word must be present). It also verifies that the response status is 200. If all of these conditions are met, the module reports a vulnerability.
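To make the matching logic concrete, here is an added example (not Vidoc's own code) that reimplements the two conditions the page describes, the required-word list combined with "and" plus the status-200 check, and evaluates them over constructed sample responses. The sample bodies and the helper names `matches` and `missing_words` are assumptions for illustration; the required words and status come from the module description above. A defender can reuse the same check to confirm that a response from a hardened instance no longer satisfies the conditions.

```python
"""Evaluate the module's matching conditions against captured HTTP responses.

Added example, not Vidoc's own code. The word list and status code are the
ones the module page lists; the sample responses below are constructed.
"""
from dataclasses import dataclass

# Required words exactly as the page lists them. The backslash-escaped slashes
# are the literal substring expected in the JSON response body, so the first
# entry is a raw string.
REQUIRED_WORDS = (
    r"http:\/\/nonexistent:31337\/logback.xml",
    "reloadByURL",
    "JoranException",
)
REQUIRED_STATUS = 200


@dataclass
class HttpResponse:
    """Minimal stand-in for a captured HTTP response (assumed helper type)."""
    status: int
    body: str


def missing_words(resp: HttpResponse) -> list:
    """Diagnostic helper: which required words are absent from the body."""
    return [w for w in REQUIRED_WORDS if w not in resp.body]


def matches(resp: HttpResponse) -> bool:
    """True only when the status is 200 AND every required word is present.

    Because the word matcher is combined with 'and', a single missing word
    (or any status other than 200) is enough to reject the response.
    """
    if resp.status != REQUIRED_STATUS:
        return False
    return not missing_words(resp)


# Constructed sample responses (not real captures).

# 1. Body contains all three words and status is 200 -> reported.
VULNERABLE = HttpResponse(
    200,
    '{"error":"... reloadByURL ... JoranException: could not open '
    'http:\\/\\/nonexistent:31337\\/logback.xml ..."}',
)

# 2. Same body but a non-200 status -> not reported (status condition fails).
WRONG_STATUS = HttpResponse(500, VULNERABLE.body)

# 3. Jolokia endpoint not exposed at all -> not reported.
NOT_EXPOSED = HttpResponse(404, '{"status":404,"error":"Not Found"}')

# 4. Status 200 but a generic reply with none of the words -> not reported.
BENIGN = HttpResponse(200, '{"request":{"type":"version"},"status":200}')


if __name__ == "__main__":
    for name, resp in [("vulnerable", VULNERABLE), ("wrong_status", WRONG_STATUS),
                       ("not_exposed", NOT_EXPOSED), ("benign", BENIGN)]:
        print(f"{name:>12}: match={matches(resp)} missing={missing_words(resp)}")
```

Running the block prints one line per sample; only the first sample satisfies both conditions. The `missing_words` helper is useful when tuning a check, since it shows which part of the "and" condition failed rather than just reporting no match.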

By using this module, you can proactively identify and address XXE vulnerabilities in the Spring Boot Actuators (Jolokia) software, enhancing the overall security of your system.

Module preview

Concurrent Requests (1)

1. HTTP Request template
GET /jolokia/exec/ch.qos.../actuator/jolokia/ex...

Matching conditions
word: http:\/\/nonexistent:31337\/logback.xml, ... (and)
status: 200

Passive global matcher
No matching conditions.

On match action
Report vulnerability