Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Spring Boot H2 Database - Remote Command Execution" module is designed to detect a vulnerability in the Spring Boot H2 Database software. This vulnerability allows remote code execution, posing a critical security risk. The module targets instances of the Spring Boot H2 Database and checks for misconfigurations that could lead to remote command execution.
This module was created by an unknown author.
If exploited, this vulnerability can allow an attacker to execute arbitrary commands on the target system. This can lead to unauthorized access, data theft, and potential compromise of the entire system.
The module sends a specific HTTP request to the target system, targeting the "/actuator/env" endpoint. The request includes a payload that attempts to create a malicious alias and execute a command. The module then checks the response to determine if the payload was successful.
The module uses the following matching conditions to identify the vulnerability:
- Status code: The response must have a status code of 200. - Response body: The response body must contain the string "\"spring.datasource.hikari.connection-test-query\":\"CREATE ALIAS EXEC AS CONCAT".If both conditions are met, the module reports a vulnerability.