关联漏洞
标题:
Grafana 路径遍历漏洞
(CVE-2021-43798)
描述:Grafana是Grafana实验室的一套提供可视化监控界面的开源监控工具。该工具主要用于监控和分析Graphite、InfluxDB和Prometheus等。 Grafana 8.0.0-beta1至8.3.0存在路径遍历漏洞,攻击者可利用该漏洞执行目录遍历攻击,访问本地文件。
描述
Script to demonstrate the Grafana directory traversal exploit (CVE-2021-43798).
介绍
# Grafana CVE-2021-43798 Exploit Script
Script to demonstrate the Grafana directory traversal exploit (CVE-2021-43798) that affects Grafana versions 8.0.0-beta1 through 8.3.0.
Primarily used for a demonstration in a CTF. Written in python with standard library modules only. Only use this for legitimate purposes e.g testing and CTFs please.
## Installation
``` bash
wget https://raw.githubusercontent.com/Jroo1053/GrafanaDirInclusion/master/exploit.py
```
## Usage
```bash
usage: exploit.py [-h] -u TARGET_URL -p TARGET_PORT [-o OUTPUT_FILE] -f TARGET_FILE
Grafana CVE-2021-43798 (File Read Exploit)
optional arguments:
-h, --help show this help message and exit
-u TARGET_URL Target URL
-p TARGET_PORT Target Port
-o OUTPUT_FILE Output File
-f TARGET_FILE Remote File To Read
```
文件快照
[4.0K] /data/pocs/13c55fa210750b2f4d708536a38b06572b02bc28
├── [ 812] README.md
├── [ 13] requirements.txt
├── [4.0K] src
│ └── [4.6K] exploit.py
├── [4.0K] test
│ └── [ 609] test_script.py
└── [1.2K] UNLICENSE
2 directories, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。