漏洞描述
Information Disclosure of Garbage Collection
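# Nuclei template: detects a Prometheus Node Exporter /metrics endpoint that
# answers without authentication.
#
# Flow: one GET to {{BaseURL}}/metrics. The response matches when the status
# is 200 AND the body contains at least one of the node_* series names listed
# under `words`. Three internal extractors capture the label sets of
# node_os_info, node_exporter_build_info and node_dmi_info; three follow-up
# extractors pull individual labels out of those captures for the report.
#
# What a finding means for the host owner: the endpoint hands OS, exporter
# build and BIOS/chassis/product details to anyone who can reach it.
# Typical remediation is to limit who can reach the exporter port (bind
# address, firewall or network policy) or to put TLS and authentication in
# front of it.
#
# NOTE(review): the trailing `# digest:` line is the signature as published.
# It was computed over the signed text, so an edited copy of this file
# (likely including comment-only edits) has to be re-signed before a
# verifying loader treats it as signed.
id: node-exporter-metrics

info:
  name: Detect Node Exporter Metrics
  author: pussycat0x,matejsmycka
  severity: low
  # NOTE(review): the description speaks of garbage collection, while the
  # matchers and extractors below target node_* host metrics (OS, build and
  # DMI labels). Consider rewording so triage sees what is actually exposed.
  description: Information Disclosure of Garbage Collection
  metadata:
    max-request: 1
  tags: node,exposure,debug,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/metrics"

    # Both matchers must hold: a known node_* series AND HTTP 200.
    matchers-condition: and
    matchers:
      # Any one of these series prefixes is enough (condition: or).
      - type: word
        part: body
        words:
          - "node_cooling_device_cur_state{name="
          - "node_network_carrier{device="
          - "node_network_flags{device="
          - "node_cpu_seconds_total{cpu="
          - "node_filesystem_files{device="
        condition: or

      - type: status
        status:
          - 200

    extractors:
      # Stage 1 (internal, not reported): capture the text between the braces
      # of each *_info series into a named variable.
      - type: regex
        part: body
        regex:
          - 'node_os_info\{([^}]*)\}\s+1'
        internal: true
        name: os_info

      - type: regex
        part: body
        regex:
          - 'node_exporter_build_info\{([^}]*)\}\s+1'
        internal: true
        name: build_info

      - type: regex
        part: body
        regex:
          - 'node_dmi_info\{([^}]*)\}\s+1'
        internal: true
        name: bios_info

      # Stage 2 (reported): read single label values out of the stage-1
      # variables; `group: 1` selects the quoted value.
      - type: regex
        part: os_info
        group: 1
        regex:
          - 'pretty_name="([^"]+)"'

      # NOTE(review): 'version="' is unanchored, so it also matches the tail
      # of 'goversion="'; the Go version can be produced by both patterns.
      # Anchoring the second pattern on the label boundary would avoid that.
      - type: regex
        part: build_info
        group: 1
        regex:
          - 'goversion="([^"]+)"'
          - 'version="([^"]+)"'

      - type: regex
        part: bios_info
        group: 1
        regex:
          - 'bios_version="([^"]+)"'
          - 'bios_vendor="([^"]+)"'
          - 'chassis_vendor="([^"]+)"'
          - 'chassis_version="([^"]+)"'
          - 'product_name="([^"]+)"'
          - 'product_version="([^"]+)"'
# digest: 490a00463044022009c509fb3482ac2049deac78c1a86781782b67f4c4575bee89bdcc0fedbe50de02205cdc37ace218d746b4e6bccbe118992cef8db49850b0c8807a551064b5740739:922c64590222798bb761d5b6d8e72950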