This video is about a Grafana SSRF vulnerability that was reported to the GitLab bug bounty program on HackerOne. The reward for this bug was $12,000, because the SSRF made it possible to request the AWS instance metadata endpoint.

Follow me on twitter:
https://twitter.com/gregxsunday

Report:
https://hackerone.com/reports/878779

Justin Gardner:
https://twitter.com/Rhynorater

His talk on this topic, which covers more ways to exploit the bug:
writeup:
https://rhynorater.github.io/CVE-2020-13379-Write-Up
video:
https://youtu.be/NWHOmYbLrZ0
slides: https://docs.google.com/presentation/d/1He_zFFXCuft3LsZTXbHKoDxQHNoSveZg2c2uF1HKuaw/edit

Fragments of vulnerable Grafana source code:
https://github.com/grafana/grafana/blob/78febbbeef1f23ccbb88c2bd3acd2e9c2011e02a/pkg/api/api.go#L423
https://github.com/grafana/grafana/blob/78febbbeef1f23ccbb88c2bd3acd2e9c2011e02a/pkg/api/avatar/avatar.go
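The core of the bug shown in the video is that a server-side image fetcher follows a redirect chain that ends at 169.254.169.254. The Go program below is an added example, not code from the video, the HackerOne report, or Grafana's own fix; it shows the two checks a hardened avatar-style proxy needs: a per-hop CheckRedirect policy (scheme, hop count, IP-literal and hostname allowlist) and a Dialer Control hook that rejects internal addresses after DNS resolution. The allowlist containing only secure.gravatar.com is an assumption for the example, and the URLs in main are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
	"syscall"
)

// Hypothetical allowlist of hosts the proxy may fetch from or be redirected
// to. An assumption for this example, not Grafana's configuration.
var allowedRedirectHosts = map[string]bool{
	"secure.gravatar.com": true,
}

// isDisallowedIP reports whether ip is in a range an outbound fetcher must
// never reach: loopback, unspecified, link-local (169.254.0.0/16, which holds
// the metadata address 169.254.169.254, and fe80::/10) and private ranges.
// IPv4-mapped IPv6 forms such as ::ffff:169.254.169.254 are classified by
// their embedded IPv4 address. Requires Go 1.17+ for net.IP.IsPrivate.
func isDisallowedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsUnspecified() || ip.IsLinkLocalUnicast() || ip.IsPrivate()
}

// checkRedirectTarget is the per-hop policy for the redirect chain. hop is
// 0 for the initial request and len(via) for each redirect.
func checkRedirectTarget(u *url.URL, hop int) error {
	const maxHops = 3
	if hop > maxHops {
		return fmt.Errorf("redirect chain too long (%d hops)", hop)
	}
	if u.Scheme != "https" {
		return fmt.Errorf("scheme %q not permitted", u.Scheme)
	}
	host := strings.ToLower(u.Hostname())
	if ip := net.ParseIP(host); ip != nil {
		// IP literals never match the hostname allowlist; reject them all,
		// and name the internal ones explicitly so the log is useful.
		if isDisallowedIP(ip) {
			return fmt.Errorf("address %s is internal", ip)
		}
		return fmt.Errorf("IP literal %s not permitted", ip)
	}
	if !allowedRedirectHosts[host] {
		return fmt.Errorf("host %q not in allowlist", host)
	}
	return nil
}

// dialControl runs after name resolution and before connect, so it also
// catches an allowlisted hostname that resolves (or is later rebound) to an
// internal address, which the URL-level check alone cannot see.
func dialControl(network, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	ip := net.ParseIP(host)
	if ip == nil || isDisallowedIP(ip) {
		return fmt.Errorf("connection to %s blocked by egress policy", address)
	}
	return nil
}

// newAvatarClient returns an http.Client that applies both checks. Without
// CheckRedirect, Go follows up to 10 redirects silently, so a 302 from an
// allowed host to 169.254.169.254 would be fetched and its body returned.
func newAvatarClient() *http.Client {
	return &http.Client{
		Transport: &http.Transport{
			DialContext: (&net.Dialer{Control: dialControl}).DialContext,
		},
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			return checkRedirectTarget(req.URL, len(via))
		},
	}
}

func main() {
	// Constructed URLs illustrating the policy offline; no request is made.
	for _, raw := range []string{
		"https://secure.gravatar.com/avatar/0123abcd",
		"http://169.254.169.254/latest/meta-data/iam/security-credentials/",
		"https://[::ffff:169.254.169.254]/",
		"https://attacker.example/redirect-to-metadata",
	} {
		u, _ := url.Parse(raw)
		fmt.Printf("%-70s -> %v\n", raw, checkRedirectTarget(u, 1))
	}
	_ = newAvatarClient()
}
```

The initial URL should be run through checkRedirectTarget with hop 0 before client.Get as well, since the first request is not a redirect and CheckRedirect never sees it. Both layers are needed: the URL check cannot see what a hostname resolves to, and the dial hook cannot see which hostname was requested, so neither alone stops an allowlisted host that redirects or resolves to the metadata service.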

Timestamps:
00:00 Intro
00:24 Redirect chain
03:56 Payload
04:24 Outro

#grafana #ssrf #gitlab #bug #bounty
