Accessing Grofers Grafana Instance Using Shodan
2021-09-15 00:09:55 Author: infosecwriteups.com

Lohith Gowda M

Hello People….

After a long time, here is an interesting bug I found in Grofers using a simple Shodan search. The vulnerability could have allowed an attacker to access Grofers’ internal API monitoring dashboard. This is my second report to the Grofers security team.

A brief introduction for those who don’t know about Shodan:

Shodan is a search engine for every port on the internet: it indexes internet-connected devices and services, which helps enterprises identify and lock down exposed assets and security vulnerabilities.

Exploit Scenario:

I always start my bug bounty work with a Shodan search or crt.sh (subdomain enumeration). Recently I found a bug on Dunzo using crt.sh.

I started with a simple Shodan dork:

[Screenshot: Shodan dork]

I found multiple hosts related to the Grofers domain, but one host stood out. I opened it immediately, and it was a Grafana login page.

[Screenshot: Grofers Grafana login page]

But I didn’t know the username and password.

I entered the default username and password, admin:admin.

The interesting part: when I entered admin:admin, the login page redirected to the new-password page and showed an alert, “Logged in”.

[Screenshot: New password page]

Then I entered admin again as the new password. Two alerts popped up at the same time:

  • Invalid or expired reset password code
  • User password changed

[Screenshot: Updated password page]

The password was updated, and I could access the complete Grafana instance.

[Screenshot: Grafana dashboard]

Then I wrote a report with a POC and submitted it to the Grofers security team.
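The root cause in the write-up above is a Grafana instance reachable from the internet that still accepted the stock admin:admin login. The following Python auditor is an added example, not code from the original post or from Grofers; it reads a grafana.ini (plus the GF_* environment overrides Grafana honours) and flags the settings that combine into exactly this exposure: the shipped admin credentials, an empty http_addr (binds all interfaces), and anonymous access. The configuration keys are Grafana's real ones; the two sample ini files and the environment value are constructed for the demonstration.

```python
import configparser
from typing import Dict, List, Optional

# Grafana ships with the admin account set to admin/admin (conf/defaults.ini);
# an install whose operator never changed them still has these values.
DEFAULT_ADMIN_USER = "admin"
DEFAULT_ADMIN_PASSWORD = "admin"


def load_grafana_ini(ini_text: str) -> configparser.ConfigParser:
    """Parse grafana.ini. Grafana accepts keys before the first section header
    (e.g. app_mode = production), which configparser rejects, so a synthetic
    [_root] section is prepended. ';' comment lines are skipped by configparser."""
    cp = configparser.ConfigParser(interpolation=None, allow_no_value=True, strict=False)
    cp.read_string("[_root]\n" + ini_text)
    return cp


def effective(cp: configparser.ConfigParser, env: Dict[str, str],
              section: str, key: str, default: str = "") -> str:
    """Resolve a setting the way Grafana does: a GF_<SECTION>_<KEY> environment
    variable (dots in the section name become underscores) overrides the ini,
    and the ini overrides the shipped default."""
    env_key = "GF_" + section.upper().replace(".", "_") + "_" + key.upper()
    if env_key in env:
        return env[env_key].strip()
    value = cp.get(section, key, fallback=default)
    return (value or "").strip()


def audit_grafana(ini_text: str, env: Optional[Dict[str, str]] = None) -> List[str]:
    """Return findings for the settings that produce the exposure in the
    write-up: stock admin credentials on an instance reachable from the internet."""
    env = env or {}
    cp = load_grafana_ini(ini_text)
    findings: List[str] = []

    user = effective(cp, env, "security", "admin_user", DEFAULT_ADMIN_USER)
    password = effective(cp, env, "security", "admin_password", DEFAULT_ADMIN_PASSWORD)
    if user == DEFAULT_ADMIN_USER and password == DEFAULT_ADMIN_PASSWORD:
        findings.append("security: admin account still uses Grafana's default admin/admin")

    # An empty http_addr (the default) binds every interface; on a host with a
    # public IP that is what makes the login page show up in a Shodan search.
    if effective(cp, env, "server", "http_addr") == "":
        findings.append("server: http_addr is empty, so Grafana listens on all interfaces")

    if effective(cp, env, "auth.anonymous", "enabled", "false").lower() == "true":
        findings.append("auth.anonymous: anonymous access is enabled")

    return findings


# Constructed sample: a near-default grafana.ini with the security keys still
# commented out, as shipped.
EXPOSED_INI = """
app_mode = production

[server]
http_addr =
http_port = 3000

[security]
;admin_user = admin
;admin_password = admin

[auth.anonymous]
enabled = true
"""

# Constructed sample: the same instance after hardening. The password is
# injected through the environment (typical for Docker), not written into the file.
HARDENED_INI = """
[server]
http_addr = 127.0.0.1
http_port = 3000

[security]
admin_user = admin

[auth.anonymous]
enabled = false
"""
HARDENED_ENV = {"GF_SECURITY_ADMIN_PASSWORD": "placeholder-strong-password"}


if __name__ == "__main__":
    for name, ini, env in (("exposed", EXPOSED_INI, {}),
                           ("hardened", HARDENED_INI, HARDENED_ENV)):
        result = audit_grafana(ini, env)
        print(f"{name}: {len(result)} finding(s)")
        for finding in result:
            print("  -", finding)
```

Binding to 127.0.0.1 and fronting Grafana with an authenticating reverse proxy or VPN removes the Shodan-visible surface; changing the admin password (or setting it via GF_SECURITY_ADMIN_PASSWORD before first start) removes the admin:admin login. Run the auditor against the real grafana.ini and the container's environment together, because the file alone can look insecure while the environment has already fixed it.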

Report Timeline:

08 Dec 2020 — Reported to Security Team

09 Dec 2020 — First response from the team

15 Dec 2020 — Issue fixed

02 Sep 2021 — Received 25k Bounty + Hall of fame + Appreciation letter

[Screenshot: Bounty from Grofers]

Thanks to the Grofers Team!

Thanks for reading! Happy hacking!

Linkedin: Lohith Gowda M

Twitter: lohigowda_in

Instagram: lohigowda.in

Portfolio: https://www.lohigowda.in/


Source: https://infosecwriteups.com/accessing-grofers-grafana-instance-using-shodan-52c585ada797?source=rss----7b722bfd1b8d--bug_bounty