Hijacking Spring Boot Sessions via /actuator
How an exposed /actuator/sessions endpoint on the HTB CozyHosting box turns into a full authentication bypass — and a refresher on the sudo ssh GTFObin.
My thoughts