search

Spring Boot (Java)

hashtag
Resources

LogoSBSCAN: A Penetration Testing Tool Focused on the Spring FrameworkMediumchevron-right
LogoSPRING BOOT PENTESTING PART 1- FUNDAMENTALSCertcube labs Cyber Security Research Blogschevron-right
LogoHow I Found and Bypassed a Spring Boot Actuator Information Disclosure BugMediumchevron-right
LogoFuzzing ~98,000 Random Spring Boot Servers For AWS S3 KeysMediumchevron-right
LogoSpring Actuators | Hacktricksblog.1nf1n1ty.teamchevron-right

hashtag
Enumeration

  1. Directory traversal

LogoSecLists/Discovery/Web-Content/Programming-Language-Specific/Java-Spring-Boot.txt at master · danielmiessler/SecListsGitHubchevron-right

  1. Additional endpoints

hashtag
Vulnerabilities

Certain versions of nginx + spring boot are vulnerable to an ACL list bypass attack:

LogoProxy / WAF Protections Bypass | Hacktricksblog.1nf1n1ty.teamchevron-right

PreviousFramework specificNextH2 database

Last updated