hunt-springboot

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document is an explicit offensive playbook for exploiting Spring Boot applications—detailing unauthorized data exfiltration (heapdump/env), credential theft, and multiple remote code execution/backdoor techniques (H2 CREATE ALIAS, SpEL exec, Spring4Shell webshell, Jolokia/MLet), which demonstrates clear malicious intent.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow uses curl to fetch outsider-authored free text from the target application over HTTP (e.g., /actuator, /actuator/env, /actuator/heapdump, /actuator/mappings, /actuator/beans, /jolokia), then parses/filters that returned content into LLM-readable strings/JSON that the agent would include in its context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Spring4Shell detection uses the URL pattern "jar:http://COLLAB_HOST/test.jar!/" which instructs the target to download and load a remote JAR (executing remote code) and the exploit flow depends on that external artifact being hosted, so this is a runtime external dependency that executes code.