banner
lca

lca

真正的不自由,是在自己的心中设下牢笼。
HomeArchives图文

Springboot Basic Test

#渗透#springboot105
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The article discusses how sensitive information like passwords can be extracted from the /actuator/env endpoint in SpringBoot websites using tools like SpringBoot-Scan and JDumpSpider. The article also provides sample code for extracting passwords from LinkedHashMap and Hashtable using SQL queries.

123

Find * Password#

In the SpringBoot site, there is an endpoint named /actuator/env. Usually, this endpoint will shield some sensitive information, such as passwords, and replace them with asterisks. If the target website can download the file /actuator/heapdump or /heapdump and decode it, sensitive information contained in it can be extracted.

You can also use this tool to scan SpringBoot nodes.

mat#

image-20230406201515932

select * from java.util.LinkedHashMap$Entry x WHERE (toString(x.key).contains("password"))
select * from java.util.Hashtable$Entry x WHERE (toString(x.key).contains("password"))

image-20230406190632405

JDumpSpider#

Project address: https://github.com/whwlsfb/JDumpSpider

$ java -jar JDumpSpider-1.0-SNAPSHOT-full.jar heapdump

Image from: https://wallhaven.cc/

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.