$12,000 Grafana SSRF in Gitlab – Bug Bounty Reports Explained
Follow me on twitter:
https://twitter.com/gregxsunday
Report:
https://hackerone.com/reports/878779
Justin Gardner:
https://twitter.com/Rhynorater
His talk on this topic, which covers more ways of exploitation:
writeup:
https://rhynorater.github.io/CVE-2020-13379-Write-Up
video:
https://youtu.be/NWHOmYbLrZ0
slides: https://docs.google.com/presentation/d/1He_zFFXCuft3LsZTXbHKoDxQHNoSveZg2c2uF1HKuaw/edit
Fragments of vulnerable Grafana source code:
https://github.com/grafana/grafana/blob/78febbbeef1f23ccbb88c2bd3acd2e9c2011e02a/pkg/api/api.go#L423
https://github.com/grafana/grafana/blob/78febbbeef1f23ccbb88c2bd3acd2e9c2011e02a/pkg/api/avatar/avatar.go
Timestamps:
00:00 Intro
00:24 Redirect chain
03:56 Payload
04:24 Outro
#grafana #ssrf #gitlab #bug #bounty