漏洞描述
OpenTSDB stats exposed which is commonly used in monitoring and observability scenarios where tracking and analyzing the performance of systems, applications, and infrastructure over time is essential.
opentsdb-status: OpenTSDB - Detect
PoC代码[已公开]
id: opentsdb-status
info:
name: OpenTSDB - Detect
author: pussycat0x
severity: low
description: |
OpenTSDB stats exposed which is commonly used in monitoring and observability scenarios where tracking and analyzing the performance of systems, applications, and infrastructure over time is essential.
reference:
- http://opentsdb.net/
classification:
cpe: cpe:2.3:a:opentsdb:opentsdb:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: opentsdb
product: opentsdb
shodan-query: http.favicon.hash:407286339
tags: opentsdb,exposure,logs,vuln
http:
- method: GET
path:
- "{{BaseURL}}/stats?json"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "tsd.connectionmgr.connections"
- "tsd.http"
- "host"
condition: and
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200
# digest: 490a0046304402206503691d88de37963c4f3779aeae8fe77c09da7b40a0c121b5ba2fa04c0f274002207ad3370f7202d4dead6b794d80f241ff1360d113a2bf805d7001ede406ef7cca:922c64590222798bb761d5b6d8e72950