Spring Boot LoggerConfig Actuator Panel - Detect

By kannthu

Informative
Vidoc Module
#misconfig #springboot #exposure
Description

Spring Boot LoggerConfig Actuator Panel - Detect

Author: DhiyaneshDK

What is the Spring Boot LoggerConfig Actuator Panel - Detect module?

The Spring Boot LoggerConfig Actuator Panel - Detect module is designed to detect potential misconfigurations in the Log

Impact

How does the module work?

The Spring Boot LoggerConfig Actuator Panel - Detect module works by sending HTTP requests to specific endpoints and matching the responses against predefined conditions. It targets the Spring Boot LoggerConfig Actuator Panel and aims to detect misconfigurations in the logging configuration.

Here is an example of an HTTP request sent by the module:

GET /loggingConfig HTTP/1.1
Host: example.com
Accept: application/json, application/vnd.spring-boot.actuator, application/vnd.spring-boot.actuator.v1+json

The module uses the following matching conditions:

- The response body must contain the words "loggingConfig" and "propertySources".
- The response headers must include one of the following content types: application/json, application/vnd.spring-boot.actuator, or application/vnd.spring-boot.actuator.v1+json.
- The response status code must be 200.

If all the matching conditions are met, the module will report a potential misconfiguration in the LoggerConfig Actuator Panel.
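
The three matching conditions above, applied offline to already-captured responses, as an added example (not Vidoc's or the template author's code). The function names, the case-insensitive substring comparison on the Content-Type value, and the sample responses are assumptions constructed for illustration.

```python
# Added example: evaluates the module's three conditions against captured responses.
# Assumption: content types are compared as case-insensitive substrings of the
# Content-Type header value, so parameters such as ";charset=UTF-8" still match.
ACTUATOR_TYPES = (
    "application/json",
    "application/vnd.spring-boot.actuator",
    "application/vnd.spring-boot.actuator.v1+json",
)
REQUIRED_WORDS = ("loggingConfig", "propertySources")


def evaluate(status, headers, body):
    """Return (matched, reasons); reasons lists every condition that failed."""
    reasons = []
    if status != 200:
        reasons.append(f"status {status} is not 200")
    # HTTP header names are case-insensitive, so look the header up that way.
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    if not any(t in ctype.lower() for t in ACTUATOR_TYPES):
        reasons.append(f"content type {ctype!r} is not an accepted type")
    missing = [w for w in REQUIRED_WORDS if w not in body]
    if missing:
        reasons.append("body lacks " + ", ".join(missing))
    return (not reasons, reasons)


# Constructed sample responses (status, headers, body); not real actuator output.
SAMPLES = {
    "exposed": (200,
                {"Content-Type": "application/vnd.spring-boot.actuator.v1+json;charset=UTF-8"},
                '{"loggingConfig": {"propertySources": []}}'),
    # An HTML page that merely mentions the words must not be reported.
    "html_page": (200, {"Content-Type": "text/html"},
                  "<html>loggingConfig propertySources</html>"),
    # Endpoint protected by authentication: wrong status and no keywords.
    "protected": (401, {"content-type": "application/json"},
                  '{"error": "Unauthorized"}'),
    # Some other JSON endpoint: right status and type, but no keywords.
    "other_json": (200, {"Content-Type": "application/json"}, '{"status": "UP"}'),
}


def triage(samples):
    """Map each sample name to True when all three conditions hold."""
    return {name: evaluate(*resp)[0] for name, resp in samples.items()}


if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, evaluate(*resp))
```

The `reasons` list shows which condition failed for each response, which helps when checking why an endpoint was or was not reported.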

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /loggingConfig /actuator/loggingCon...
Matching conditions
word: "loggingConfig", "propertySources" and
word: application/json, application/vnd.spring... and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability