Springboot Actuator integrationgraph
ID: springboot-integrationgraph
Severity: low
Author: ELSFA7110
Tags: misconfig,springboot,exposure
Description
Section titled “Description”The integrationgraph endpoint exposes a graph containing all Spring Integration components.
YAML Source
Section titled “YAML Source”id: springboot-integrationgraph
info: name: Springboot Actuator integrationgraph author: ELSFA7110 severity: low description: | The integrationgraph endpoint exposes a graph containing all Spring Integration components. reference: - https://docs.spring.io/spring-boot/docs/current/actuator-api/htmlsingle/ metadata: verified: true max-request: 2 tags: misconfig,springboot,exposure
http: - method: GET path: - "{{BaseURL}}/integrationgraph" - "{{BaseURL}}/actuator/integrationgraph"
stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - "provider" - "integrationPatternType" condition: and
- type: word part: header words: - "application/json" - "application/vnd.spring-boot.actuator" - "application/vnd.spring-boot.actuator.v1+json" - "application/vnd.spring-boot.actuator.v2+json" - "application/vnd.spring-boot.actuator.v3+json" condition: or
- type: status status: - 200# digest: 4a0a004730450221008cab36d8f99a554071c6ab38bdd5c0f64d8ad673b3dd3ada298090a582d5ef0202204beee46f028c8b2b4a2164233d88f7ea1e406f004d88e0e432103cc4faed6ac3:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/misconfiguration/springboot/springboot-integrationgraph.yaml"