Related vulnerability

Title: Grafana security vulnerability (CVE-2025-4123)

Description: Grafana is an open-source monitoring tool from Grafana that provides a visual monitoring interface; it is mainly used to monitor and analyse data from Graphite, InfluxDB, Prometheus and similar sources. Grafana has a security vulnerability that arises from a client-side path traversal combined with an open redirect, which may lead to cross-site scripting.

Description
CVE-2025-4123 Grafana Open Redirect Exploit

Introduction
# CVE-2025-4123 PoC
**A small proof-of-concept tool**: it sends a specific payload to a target, checks for 301/302 redirect responses, and reports the `Location` header.
> This repository is intended for educational/research purposes only. Follow responsible disclosure policies. Below are usage and build instructions.
---
## Summary
This tool sends a request to a domain with the following payload appended, and if the server responds with 301 (Moved Permanently) or 302 (Found), it checks the `Location` header to detect a potential vulnerability.
Payload: `/public/..%2F%5cgoogle.com%2F%3f%2F..%2F..`
The program disables Go's automatic redirect following via the `CheckRedirect` function, allowing inspection of the initial response.
---
## Requirements
* Go 1.20+ (or any recent Go version)
* Internet access (for the target domain)
---
## Build
You can build an executable (a Windows `.exe` when building on Windows) with the following commands:
```bash
# Linux/macOS
go build -o cve-2025-4123 main.go
# Windows (PowerShell or CMD)
go build -o CVE-2025-4123.exe main.go
```
---
## Usage
```
Usage: CVE-2025-4123.exe [https://example.com]
```
Example:
```bash
./CVE-2025-4123.exe https://target.example.com
```
The program does the following:
* Sends a GET request to the provided domain (`os.Args[1]`) with the payload appended.
* If the response is 301 or 302, it prints the `Location` header: `VULN FOUND: <location>`
* Otherwise, it prints `CVE-2025-4123 Not Found`.
* Any redirected requests are also printed via the `CheckRedirect` callback: `Redirected to <URL>`.
---
## Example Output
Successful detection (example):
```
VULN FOUND: https://google.com/
```
Redirect tracking via `CheckRedirect` callback might output:
```
Redirected to  https://google.com/
```
---
## Notes
* By default, `http.Get` automatically follows 301/302 redirects. In this PoC, `CheckRedirect` is used to disable automatic following, allowing direct access to the `Location` header.
* The `Location` header may not always be an absolute URL; it could be relative or in another format. In such cases, use `url.Parse` and `resp.Request.URL.ResolveReference` to construct the full URL.
* Do not test on systems without permission. Unauthorized testing may be illegal.
---
## Development / Improvement Suggestions
* Add CLI argument validation and flags like `--timeout`.
* Add output options `-o/--output` to save results in JSON or CSV.
* Implement parallel scanning (concurrency) carefully to avoid overloading targets.
* Handle empty or unexpected `Location` headers with robust parsing/normalization.
---
## Responsible Disclosure
If this PoC detects a real vulnerability, contact the target organization's security team and report it responsibly. Coordinate with the organization before making any public disclosure.
---
        
File snapshot

 [4.0K]  /data/pocs/56e449822af030a5c24cae4042768ecae293c569
├── [7.8M]  CVE-2025-4123.exe
├── [  21]  go.mod
├── [ 844]  main.go
└── [2.8K]  README.md
0 directories, 4 files

Notes

1. Accessing the original source is recommended.
2. If the source has gone offline or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has snapshotted the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.