[web] [Pro] [medium]
Lab 138 — PulseGuard — SpEL Injection via Whitelabel Error Page
hackadvisor
Task: A Spring Boot 2.4.1 monitoring platform with a WAF and a Whitelabel Error Page that evaluates SpEL expressions in NumberFormatException messages.
Solution: SpEL injection via a type reference that bypasses the WAF with a space ("T (" instead of "T("), string construction via Character.toString() to avoid literals, and reflection-based Scanner + File for arbitrary file read.
$ ls tags/ techniques/
- honeypot_flag_identification
- spel_injection_via_whitelabel_error_page
- waf_bypass_space_in_type_reference
- string_construction_via_character_tostring
- reflection_based_object_instantiation
- scanner_file_read_without_runtime_exec
Similar writeups
- [web][Pro] Lab 172 — PulseGuard — Insecure Deserialization via JSON.NET TypeNameHandling — hackadvisor
- [web][Pro] Lab 84 — PulseView — hackadvisor
- [web][Pro] Lab 170 — PulseGuard — SnakeYAML Deserialization to H2 JDBC OOB Exfiltration — hackadvisor
- [web][Pro] Lab 378 — PulseBoard — Cache Poisoning XSS via Next.js Header Misclassification — hackadvisor
- [web][Pro] Lab 145 — RankPulse — XXE via Sitemap XML Parsing — hackadvisor