Spring Actuators

Bookmarked!

This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used.

PRO Medium 1-2 Hrs. 297 Brown Badge

Course

This course explores the exploitation of a Spring (1.4.*) application with exposed Spring Actuators and Spring Cloud, allowing attackers to update the service's configuration and gain code execution. The exercise is based on research from the mbechler/marshalsec repository and the "Exploiting Spring Boot Actuators" article by Veracode.

Skills covered

Injection Authentication Operating System Network

Included with PRO

Full course content 1 video Common mistakes

Ready to practice?

Get access to this lab and 600+ hands-on exercises with a PRO subscription.

Go PRO or create a free account