GabberLevi, posted March 3, 2022 (edited)

Hello .. I am auditing a company's public/open Spring Boot Actuator endpoints and have found this .. Is there any way to read some private/sensitive files or edit?

/actuator/mappings ::Content:::

{"contexts":{"application-1":{"mappings":{"dispatcherHandlers":{"webHandler":[{"predicate":"{GET /actuator/archaius, produces [application/vnd.spring-boot.actuator.v2+json || application/json]}","handler":"org.springframework.boot.actuate.endpoint.web.reactive.AbstractWebFluxEndpointHandlerMapping$ReadOperationHandler@549111d1","details":{"handlerMethod":{"className":"org.springframework.boot.actuate.endpoint.web.reactive.AbstractWebFluxEndpointHandlerMapping.ReadOperationHandler","name":"handle","descriptor":"(Lorg/springframework/web/server/ServerWebExchange;)Lorg/reactivestreams/Publisher;"},"handlerFunction":null,"requestMappingConditions":{"consumes":[],"headers":[],"methods":["GET"],"params":[],"patterns":["/actuator/archaius"],"produces":[{"mediaType":"application/vnd.spring-boot.actuator.v2+json","negated":false},{"mediaType":"application/json","negated":false}]}}},{"predicate":"{GET /actuator/nacos-discovery, produces [application/vnd.spring-boot.actuator.v2+json ||application/json]}","handler":"org.springframework.boot.actuate.endpoint.web.reactive.AbstractWebFluxEndpointHandlerMapping$ReadOperationHandler@39f28ea7","details":{"handlerMethod":

Edited March 4, 2022 by digininja: trimmed to make readable

digininja, posted March 4, 2022

Not if you don't know what you are doing, even if it is vulnerable. Without a proper security audit there is no way to tell. I'm happy to talk day rates if you want that doing.