Spring Boot Framework 1.2.7 provides a default error page (also known as the "Whitelabel Error Page") that is prone to Spring Expression Language (SpEL) injection when a parameter is expected to be of a non-string type but a string is provided. Applications based on Spring Boot that neither deactivate this feature nor customize it in a way that stops the injection are therefore susceptible to execution of some Java statements and, in particular, to OS command injection.
This module checks all the parameters in the given pages and, if at least one parameter is vulnerable to the injection, installs an OS Agent.
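For defenders, the condition described above (a string supplied where a typed parameter is expected, then echoed by the error page) can be hunted in access logs. The following is an added example, not part of the original module description; it assumes a combined-style log format and that the expression arrives wrapped in `${...}` placeholder syntax, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line followed by the response status, as in combined-style access logs.
LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Assumption: the injected expression is wrapped in "${...}" placeholder syntax.
PLACEHOLDER_RE = re.compile(r'\$\{[^}]*\}')

def decode_fully(value, max_rounds=3):
    """Undo repeated URL-encoding so a double-encoded placeholder is still recognised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(line):
    """Return [(param, decoded_value, status)] for query parameters carrying a placeholder."""
    m = LINE_RE.search(line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    hits = []
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = decode_fully(raw)
        if PLACEHOLDER_RE.search(value):
            hits.append((name, value, int(m.group("status"))))
    return hits

def triage(lines):
    """Rank hits: an error status means the error page was rendered with that value."""
    findings = []
    for line in lines:
        for name, value, status in suspicious_params(line):
            severity = "high" if status >= 400 else "review"
            findings.append((severity, name, value))
    return findings

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2016:10:00:01 +0000] "GET /items?id=abc HTTP/1.1" 400 310',
    '203.0.113.9 - - [01/Jan/2016:10:00:02 +0000] "GET /items?id=%24%7Bprobe%7D HTTP/1.1" 400 305',
    '203.0.113.9 - - [01/Jan/2016:10:00:03 +0000] "GET /items?page=%2524%257Bprobe%257D HTTP/1.1" 500 298',
    '203.0.113.7 - - [01/Jan/2016:10:00:04 +0000] "GET /search?q=%24%7Bprobe%7D HTTP/1.1" 200 900',
]

print(triage(SAMPLE_LOG))
```

A plain type mismatch (`id=abc`) is not flagged; only placeholder-bearing values are, with those that produced an error response ranked highest.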
Exploit Type - Old: Exploits/OS Command Injection/Known Vulnerabilities