Normalize page header for GraphQL, Deserialization, SCM

2026-01-07 02:03:31 -08:00 · 2024-11-10 14:37:48 +01:00
parent 2deb20a6f1
commit 2304101657
21 changed files with 262 additions and 129 deletions
--- a/Interface/README.md
+++ b/Interface/README.md
@@ -1,5 +1,10 @@
 # Insecure Management Interface

+> Insecure Management Interface refers to vulnerabilities in administrative interfaces used for managing servers, applications, databases, or network devices. These interfaces often control sensitive settings and can have powerful access to system configurations, making them prime targets for attackers.
+
+> Insecure Management Interfaces may lack proper security measures, such as strong authentication, encryption, or IP restrictions, allowing unauthorized users to potentially gain control over critical systems. Common issues include using default credentials, unencrypted communications, or exposing the interface to the public internet.
+
+
 ## Summary

 * [Springboot-Actuator](#springboot-actuator)
@@ -27,12 +32,14 @@ Note: Sensitive endpoints will require a username/password when they are accesse

 Since Springboot 2.X only `/health` and `/info` are enabled by default.

+
 ### Remote Code Execution via `/env`

 Spring is able to load external configurations in the YAML format.
 The YAML config is parsed with the SnakeYAML library, which is susceptible to deserialization attacks.
 In other words, an attacker can gain remote code execution by loading a malicious config file.

+
 #### Steps

 1. Generate a payload of SnakeYAML deserialization gadget.