oql-cheatsheet

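OQL (Object Query Language) pentesting cheatsheet: queries for inspecting the objects in a Java heap dump. A heap dump holds configuration values, credentials and key material in cleartext, which is what the queries below surface.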

Framework specific

Spring


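Configuration properties (the first query returns the ConfigurationProperty objects, the second renders each one as name=value)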

select property from org.springframework.boot.context.properties.source.ConfigurationProperty property
select property.name.string.toString() + "=" + property.value.toString() from org.springframework.boot.context.properties.source.ConfigurationProperty property

List registered path patterns (the first query returns the PathPattern objects, the second returns each pattern string)

select pathPattern from org.springframework.web.util.pattern.PathPattern pathPattern
select pathPattern.patternString.toString() from org.springframework.web.util.pattern.PathPattern pathPattern

General

Strings (java.lang.String)


Return all strings

select s from java.lang.String s

Return the text value of each string rather than the String object

select s.toString() from java.lang.String s

Search all strings for the keyword "sentinel"

select s from java.lang.String s where s.toString().contains("sentinel")

Search for strings containing "PRIVATE KEY" (the marker found in PEM-encoded private key headers)

select s from java.lang.String s where s.toString().contains("PRIVATE KEY")