thanos-prometheus-exposure: Thanos Prometheus Setup - Exposure

Date: 2025-08-01 | Affected software: thanos-prometheus-exposure | PoC: public

Vulnerability description

Thanos graph endpoint was detected.

PoC code [public]

id: thanos-prometheus-exposure

info:
  name: Thanos Prometheus Setup - Exposure
  author: DhiyaneshDk,righettod
  severity: high
  description: |
    Thanos graph endpoint was detected.
  reference:
    - https://thanos.io/
    - https://github.com/thanos-io/thanos
  metadata:
    verified: true
    max-request: 2
    shodan-query: title:"Thanos | Highly available Prometheus setup"
    fofa-query: icon_hash="29632872"
  tags: thanos,prometheus,exposure,setup,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/graph"
      - "{{BaseURL}}/classic/graph"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "THANOS_COMPONENT", "THANOS_QUERY_URL") || contains_all(body, "<title>Thanos", "href=\"/classic/\">Thanos</a>")'
        condition: and
# digest: 4a0a004730450221008c0a80c97aa58454e301670862ca2e48c06efbe190ee90b99144afbc1e46987d02202b310f85fb9d0d018d030a221ecbd7296a8f2c62801cb88d3d192db5e728863a:922c64590222798bb761d5b6d8e72950