feat(docs): Added documentation for the 'Java-Spring-Boot.txt' wordlist

Related to #1220
ItsIgnacioPortal 2025-06-24 23:18:03 -03:00
parent 3b6d3affa1
commit 11a47a36b8
No known key found for this signature in database
GPG key ID: 065FBB22CEF40031


@ -0,0 +1,4 @@
## Java-Spring-Boot.txt
Use for: Detecting actuator endpoints, and testing for RCEs in Spring-Boot instances.
Note that it's possible for a spring-boot backend to be behind a spring-cloud-gateway, which may _only_ route all traffic prefixed with `/api/` to the backend. Consider fuzzing the starting prefix `api` with many different values to find what reaches the backend. A recommended wordlist to fuzz this value with is at `Fuzzing/Miscellaneous/schemes.txt`
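Review bot: The "Note that..." paragraph writes the product name as `spring-boot` while the "Use for:" line above writes `Spring-Boot`, and its final sentence ends without a period after `Fuzzing/Miscellaneous/schemes.txt`. Please pick one casing, close the sentence, and reword "may _only_ route all traffic prefixed with `/api/`" to "may route _only_ traffic prefixed with `/api/`", since "only" and "all" pull against each other as written. It would also help to say that the wordlist path is relative to the repository root, and to add a short line on why a list named `schemes.txt` is a good source of path prefixes, because the filename alone does not make that obvious. Finally, "testing for RCEs" in the "Use for:" line is not explained anywhere in the section; a sentence on which entries that refers to would let readers know what to expect from the list.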