oql-cheatsheet

OQL pentesting cheatsheet

Framework specific

Spring

---

Configuration Properties

select property from org.springframework.boot.context.properties.source.ConfigurationProperty property

select property.name.string.toString() + "=" + property.value.toString() from org.springframework.boot.context.properties.source.ConfigurationProperty property

List registered path patterns

select pathPattern from org.springframework.web.util.pattern.PathPattern pathPattern

select pathPattern.patternString.toString() from org.springframework.web.util.pattern.PathPattern pathPattern

General

Strings (java.lang.String)

---

Return all strings

select s from java.lang.String s

Return strings as strings

select s.toString() from java.lang.String s

Search for the keyword sentinel in all strings

select s from java.lang.String s where s.toString().contains("sentinel")

Search for PRIVATE KEYs

select s from java.lang.String s where s.toString().contains("PRIVATE KEY")