GabberLevi Posted March 3, 2022

Hello. I am auditing a company's public/open Spring Boot Actuator endpoints and have found this. Is there any way to read some private/sensitive files or edit?

/actuator/mappings ::Content:::

{"contexts":{"application-1":{"mappings":{"dispatcherHandlers":{"webHandler":[{"predicate":"{GET /actuator/archaius, produces [application/vnd.spring-boot.actuator.v2+json || application/json]}","handler":"org.springframework.boot.actuate.endpoint.web.reactive.AbstractWebFluxEndpointHandlerMapping$ReadOperationHandler@549111d1","details":{"handlerMethod":{"className":"org.springframework.boot.actuate.endpoint.web.reactive.AbstractWebFluxEndpointHandlerMapping.ReadOperationHandler","name":"handle","descriptor":"(Lorg/springframework/web/server/ServerWebExchange;)Lorg/reactivestreams/Publisher;"},"handlerFunction":null,"requestMappingConditions":{"consumes":[],"headers":[],"methods":["GET"],"params":[],"patterns":["/actuator/archaius"],"produces":[{"mediaType":"application/vnd.spring-boot.actuator.v2+json","negated":false},{"mediaType":"application/json","negated":false}]}}},{"predicate":"{GET /actuator/nacos-discovery, produces [application/vnd.spring-boot.actuator.v2+json ||application/json]}","handler":"org.springframework.boot.actuate.endpoint.web.reactive.AbstractWebFluxEndpointHandlerMapping$ReadOperationHandler@39f28ea7","details":{"handlerMethod":

digininja Posted March 4, 2022

Not if you don't know what you are doing, even if it is vulnerable. Without a proper security audit there is no way to tell. I'm happy to talk day rates if you want that doing.

Archived
This topic is now archived and is closed to further replies.