Pwning OWASP’s Juice Shop Pt. 9: Exposed Metrics

Challenge: 

Name: Exposed Metrics

Description: Find the endpoint that serves usage data to be scraped by a popular monitoring system.

Difficulty: 1 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html

Tools used:

None.

Resources used:

Prometheus documentation: https://prometheus.io/docs/introduction/first_steps

Methodology: 

RTFM is the fastest route to solving this. The expanded description provides both the name of the monitoring system and a link to its documentation. It will likely take less than 30 seconds of scanning to find the default link, and maybe another 5-10 to type it into the address bar. In all likelihood, your fist guess would probably be right: http://localhost:3000/metrics

You successfully solved a challenge: Exposed Metrics (Find the endpoint that serves usage data to be scraped by a popular monitoring system.) X

Prevention and mitigation strategies:

Don’t allow users to access use metrics. Changing the link to something less generic (and non-default) along with restricting access to whitelisted IP addresses will provide reasonable protection. If you really want to obfuscate this link, you could even encode a password and use that as the link.

Lessons Learned and Things Worth Mentioning: 

  1. Nothing, really. Always remember that Juice Shop is intentionally insecure. Default links and easily guessable answers should be somewhat expected at the 1 star level.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s