
Springboot Actuator Endpoint Extract Info ?


GabberLevi


Hello ..

I am auditing a company's public/open Springboot Actuator endpoints and have found this. Is there any way to read some private/sensitive files or edit?

/actuator/mappings


::Content:::

{"contexts":{"application-1":{"mappings":{"dispatcherHandlers":{"webHandler":[{"predicate":"{GET /actuator/archaius, produces [application/vnd.spring-boot.actuator.v2+json || application/json]}","handler":"org.springframework.boot.actuate.endpoint.web.reactive.AbstractWebFluxEndpointHandlerMapping$ReadOperationHandler@549111d1","details":{"handlerMethod":{"className":"org.springframework.boot.actuate.endpoint.web.reactive.AbstractWebFluxEndpointHandlerMapping.ReadOperationHandler","name":"handle","descriptor":"(Lorg/springframework/web/server/ServerWebExchange;)Lorg/reactivestreams/Publisher;"},"handlerFunction":null,"requestMappingConditions":{"consumes":[],"headers":[],"methods":["GET"],"params":[],"patterns":["/actuator/archaius"],"produces":[{"mediaType":"application/vnd.spring-boot.actuator.v2+json","negated":false},{"mediaType":"application/json","negated":false}]}}},{"predicate":"{GET /actuator/nacos-discovery, produces [application/vnd.spring-boot.actuator.v2+json ||application/json]}","handler":"org.springframework.boot.actuate.endpoint.web.reactive.AbstractWebFluxEndpointHandlerMapping$ReadOperationHandler@39f28ea7","details":{"handlerMethod":


Not if you don't know what you are doing, even if it is vulnerable.

Without a proper security audit there is no way to tell. I'm happy to talk day rates if you want that doing.


Archived

This topic is now archived and is closed to further replies.
