Springboot Application Pentesting

Enumeration:

If you browse a page that returns: "Whitelabel Error Page", the application uses Springboot.

Then:

ffuf -w /usr/share/wordlists/SecLists/Discovery/Web-Content/spring-boot.txt:FUZZ -u http://DOMAIN.LOCAL/FFUZ -ic -t 100 (Enumerate the application using a Springboot specific wordlist)

If the "actuator" endpoint is exposed, this indicates a window for exploitation. The actuator endpoint shows multiple endpoints that expose different types of information and operations on an application.

You can find sensitive information and sometimes, the actuator endpoint can be used for RCE.

curl http://DOMAIN.LOCAL/actuator | jq (Enumerate actuator endpoint)

PreviousServer-Side Request Forgery (SSRF)NextSubdomain Enumeration

Last updated 4 months ago

hashtagEnumeration:

hashtagIf you browse a page that returns: "Whitelabel Error Page", the application uses Springboot.

hashtagThen:

hashtagIf the "actuator" endpoint is exposed, this indicates a window for exploitation. The actuator endpoint shows multiple endpoints that expose different types of information and operations on an application.

hashtagYou can find sensitive information and sometimes, the actuator endpoint can be used for RCE.

Enumeration:

If you browse a page that returns: "Whitelabel Error Page", the application uses Springboot.

Then:

If the "actuator" endpoint is exposed, this indicates a window for exploitation. The actuator endpoint shows multiple endpoints that expose different types of information and operations on an application.

You can find sensitive information and sometimes, the actuator endpoint can be used for RCE.