Swagger-UI + Grafana + Prometheus: audit questions.

Discussion in 'Песочница' started by stuxnetix, 10 Feb 2024.

  1. stuxnetix

    stuxnetix New Member

    Joined:
    4 Jan 2024
    Messages:
    3
    Likes Received:
    0
    Reputations:
    0
    Good day. I have a host with Grafana on board; after poking around the host, I found a Prometheus metrics file with rather unsafe request methods such as PUT, DELETE, PATCH. I also found an OpenApi3.json that leads to a Swagger page, but any request returns a 401 (unauthorized) error under the various schemes. Does it make sense to keep digging in search of something interesting?
    What can such information give me? Where should I dig next?
    Should such links be hidden from guests?
    Where do backup folders or other interesting files usually sit? The host root, or for example a folder like /api/data/dump.sql or a zip, where one could fuzz for it?
     
  2. eminlayer7788

    eminlayer7788 Member

    Joined:
    31 Jul 2015
    Messages:
    195
    Likes Received:
    74
    Reputations:
    8
  3. katesmith1304

    katesmith1304 New Member

    Joined:
    25 May 2023
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    Good day. It seems you have a host with Grafana on board, and upon exploring the host, you found a Prometheus metrics file with potentially unsafe request methods like PUT, DELETE, PATCH. You also found an OpenAPI3.json file leading to a Swagger page, but any request results in a 401 unauthorized error in different schemes. Does it make sense to delve further into this search for something interesting? What can such information provide me? Where should I dig next? Should such links be hidden from guests? Where are backup folders or other interesting files usually located? In the root of the host or, for example, in a folder like /api/data/dump.sql or zip, where one can stumble upon them.

    Firstly, it's essential to understand the security implications of having potentially unsafe request methods like PUT, DELETE, PATCH exposed in a Prometheus metrics file. These methods can allow unauthorized users to modify or delete data, which poses a significant security risk. It's crucial to secure your Grafana instance properly and restrict access to only authorized users who need it. You should consider disabling these methods if they are not necessary for your application.

    Regarding the OpenAPI3.json file leading to a Swagger page, the 401 unauthorized error suggests that authentication is required to access the API endpoints documented in the Swagger documentation. You may need to authenticate using valid credentials or tokens to access these endpoints successfully. It's worth investigating further if there are any misconfigurations or security vulnerabilities in the authentication mechanisms of your Grafana instance.

    As for whether such links should be hidden from guests, it depends on your security requirements and the sensitivity of the information exposed through these links. Generally, sensitive endpoints or files should not be accessible to unauthenticated or unauthorized users to prevent potential security breaches.

    Regarding the location of backup folders or other interesting files, it's difficult to say without more information about your specific setup. Typically, backup files may be stored in a separate directory or in a designated backup folder. You may want to search for common backup file extensions like .sql, .zip, .tar, etc., in various directories on your host to locate any backup files.

    In summary, it's essential to address security concerns related to potentially unsafe request methods and authentication vulnerabilities in your Grafana instance. Additionally, consider restricting access to sensitive endpoints and files and ensure proper backup procedures are in place to safeguard your data.
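    One concrete way to turn the advice above into a check, as an added example that is not from any poster in this thread: audit the exposed OpenAPI 3 document itself and list every mutating operation (PUT/POST/PATCH/DELETE) that either declares no security requirement or references a security scheme the document never defines. The spec below is a constructed sample, not the one the original poster found; `unprotected_mutations` is a hypothetical helper name.

```python
import json

# Constructed sample spec (not from the thread). Global bearer auth applies to
# every operation unless an operation overrides it; "security": [] opts out.
SAMPLE_SPEC = json.dumps({
    "openapi": "3.0.3",
    "security": [{"bearerAuth": []}],
    "components": {"securitySchemes": {
        "bearerAuth": {"type": "http", "scheme": "bearer"}}},
    "paths": {
        "/api/dashboards/{id}": {
            "get": {"summary": "Read"},
            "delete": {"summary": "Delete"},          # inherits global auth: OK
        },
        "/api/datasources": {
            "put": {"summary": "Update", "security": []},   # explicitly unauthenticated
            "post": {"summary": "Create", "security": [{"apiKey": []}]},  # undeclared scheme
        },
    },
})

MUTATING = {"put", "post", "patch", "delete"}


def unprotected_mutations(spec_json: str) -> list:
    """Return (METHOD, path, reason) for mutating operations lacking usable auth."""
    spec = json.loads(spec_json)
    declared = set(spec.get("components", {}).get("securitySchemes", {}))
    global_sec = spec.get("security")  # None when the document sets no default
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in MUTATING:   # skips GET and non-method keys
                continue
            # Per OpenAPI 3, an operation-level "security" replaces the global one.
            sec = op.get("security", global_sec)
            if not sec:
                findings.append((method.upper(), path, "no security requirement"))
                continue
            for requirement in sec:              # each object names one or more schemes
                for scheme in requirement:
                    if scheme not in declared:
                        findings.append((method.upper(), path, f"undeclared scheme {scheme}"))
    return findings


if __name__ == "__main__":
    for method, path, reason in unprotected_mutations(SAMPLE_SPEC):
        print(f"{method:6} {path:28} {reason}")
```

    A 401 on every endpoint, as in the original post, is the expected result when this check comes back empty; anything it does list is a write operation the server must be protecting by some means the spec does not document.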