A Study Notes of Exploit Spring Boot Actuator

This page summarizes the projects mentioned and recommended in the original post on /r/TutorialBoy

  • yaml-payload

    A tiny project for generating SnakeYAML deserialization payloads

  • For the yaml-payload.jar code see https://github.com/artsploit/yaml-payload; the key code is the AwesomeScriptEngineFactory.java class, and Runtime is used in the constructor to execute system commands

  • Java-Deserialization-Cheat-Sheet

    The cheat sheet about Java Deserialization vulnerabilities

  • It can be known that this variable is used to specify the location of the bootstrap configuration file. The supported file formats include yml and properties. Friends who are familiar with Java security may think that parsing yml will have a deserialization problem. If we can control the content of the configuration file here, there is a possibility that it can be exploited.

  • marshalsec

  • According to the introduction in https://github.com/mbechler/marshalsec/blob/master/marshalsec.pdf, in addition to the javax.script.ScriptEngineManager class, we can also use the com.sun.rowset.JdbcRowSetImpl class to complete the exploitation through JNDI injection. The payload is as follows

  • spring-boot-actuator-cloud-vul

    Spring Boot Actuator + Spring Cloud Vul Env
