id: grafana-public-signup

info:
  name: Grafana Public Signup
  author: pdteam
  severity: medium
  metadata:
    max-request: 1
    shodan-query: title:"Grafana"
  tags: grafana,intrusive,misconfig

http:
  - raw:
      - |
        POST /api/user/signup/step2 HTTP/1.1
        Host: {{Hostname}}
        content-type: application/json
        Origin: {{BaseURL}}
        Referer: {{BaseURL}}

        {"username":"{{randstr}}","password":"{{randstr_1}}"}

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "User sign up completed successfully"

      - type: word
        words:
          - "grafana_sess"
          - "grafana_user"
        condition: and
        part: header

      - type: status
        status:
          - 200

# digest: 4a0a004730450221008d17e057471dcda3505467d05d41aa5c32db96f2146ca1c43f7a88beae3584c002207709b004fd68285d4ffa9bfb6ea1af8301a483730ea986f3b7ee046ed8301eed:922c64590222798bb761d5b6d8e72950