From 247b07a76af3bf91643bca674cadb7809973d738 Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 19 Aug 2021 22:11:11 +0530 Subject: [PATCH] Added grafana-public-signup --- misconfiguration/grafana-public-signup.yaml | 35 +++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 misconfiguration/grafana-public-signup.yaml diff --git a/misconfiguration/grafana-public-signup.yaml b/misconfiguration/grafana-public-signup.yaml new file mode 100644 index 0000000000..49bb9c6ad7 --- /dev/null +++ b/misconfiguration/grafana-public-signup.yaml @@ -0,0 +1,35 @@ +id: grafana-public-signup + +info: + name: Grafana Public Signup + author: pdteam + severity: medium + tags: grafana + +requests: + - raw: + - | + POST /api/user/signup/step2 HTTP/1.1 + Host: {{Hostname}} + content-type: application/json + Origin: {{BaseURL}} + Referer: {{BaseURL}} + + {"username":"{{randstr}}@tld","password":"{{randstr_1}}"} + + matchers-condition: and + matchers: + - type: word + words: + - "User sign up completed successfully" + + - type: word + words: + - "grafana_sess" + - "grafana_user" + condition: and + part: header + + - type: status + status: + - 200