Find * Password
On a Spring Boot site, there is an endpoint named /actuator/env. Usually, this endpoint masks sensitive values such as passwords, replacing them with asterisks. If the file /actuator/heapdump or /heapdump can be downloaded from the target website and decoded, the sensitive information it contains can be extracted.
You can also use this tool to scan Spring Boot nodes.
mat
select * from java.util.LinkedHashMap$Entry x WHERE (toString(x.key).contains("password"))
select * from java.util.Hashtable$Entry x WHERE (toString(x.key).contains("password"))
JDumpSpider
Project address: https://github.com/whwlsfb/JDumpSpider
$ java -jar JDumpSpider-1.0-SNAPSHOT-full.jar heapdump
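From the defender's side, a successful download of the heap dump endpoints named above is visible in the web access log. The following is an added example, not code from this page or from JDumpSpider: it assumes Combined Log Format, the function names are hypothetical, and the log lines are constructed sample data.

```python
import re
from urllib.parse import unquote

# Combined Log Format is an assumption; adapt the pattern to your proxy or server.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def is_heapdump_request(target):
    """True if the last path segment is 'heapdump' (covers /actuator/heapdump,
    /heapdump, and either one behind a context path or custom base path)."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    # Drop empty segments (duplicate or trailing slashes) and ';matrix' parameters.
    segments = [s.split(";", 1)[0] for s in path.split("/") if s]
    return bool(segments) and segments[-1] == "heapdump"

def find_heapdump_downloads(lines):
    """Return (ip, timestamp, target, bytes) for every 2xx heap dump response."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        if is_heapdump_request(m["target"]) and m["status"].startswith("2"):
            size = 0 if m["size"] == "-" else int(m["size"])
            hits.append((m["ip"], m["ts"], m["target"], size))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /actuator/env HTTP/1.1" 200 18342',
    '203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "GET /actuator/heapdump HTTP/1.1" 200 73400320',
    '198.51.100.4 - - [12/Mar/2024:10:05:40 +0000] "GET /heapdump HTTP/1.1" 404 153',
    '198.51.100.4 - - [12/Mar/2024:10:05:44 +0000] "GET /app/actuator;v=1/heapdump/?x=1 HTTP/1.1" 200 65011712',
    '192.0.2.10 - - [12/Mar/2024:10:09:00 +0000] "GET /docs/heapdump-guide HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, ts, target, size in find_heapdump_downloads(SAMPLE_LOG):
        print(f"{ts} {ip} fetched {target} ({size} bytes): treat secrets in memory as exposed")
```

Any hit means the credentials held in that process's memory should be rotated, since the masking applied by /actuator/env does not apply to the dump.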