POC details: e78145fe43a4663d8ce32555c9d4bb23f0a7b581

Source
Related vulnerability
Title: Grafana path traversal vulnerability (CVE-2021-43798)
Description: Grafana is an open-source monitoring tool from Grafana Labs that provides a visual monitoring interface. It is mainly used to monitor and analyse data sources such as Graphite, InfluxDB and Prometheus. Grafana 8.0.0-beta1 through 8.3.0 contains a path traversal vulnerability; an attacker can exploit it to perform a directory traversal attack and read local files.
Introduction
# Grafana CVE 2021-43798

Grafana unauthenticated arbitrary file read vulnerability **CVE-2021-43798**

## Dependencies

```
python3 -m pip install -r requirements.txt
```

or

```
pipenv install -r requirements.txt
```
# Dorks

![shoot_shodan.png](shoot_shodan.png)
* Dorks (Shodan | Google)
  - [Google Dorks](google-dorks.txt)
  - [Shodan Dorks](shodan-dork.txt)


# Usage

* List one target per line, without a trailing `/` and without an `http://` or `https://` scheme.
  - Example `targets.txt` file

```
target.com
example.com
foo.gov
xpto.com.de
```


```
usage: tool [-h] [--file <hostnames.txt>] [--range <ip-start>,<ip-end>] [--single <target>]

optional arguments:
  -h, --help                   show this help message and exit
  --file <hostnames.txt>       Input your target host lists
  --range <ip-start>,<ip-end>  Set range IP Eg.: 192.168.15.1,192.168.15.100
  --single <target>            Only one target
```

# PoC
![poc.gif](poc.gif)

## Features
- Scan a range of IPs with `--range`, e.g. `python3 main.py --range 192.168.0.1,192.168.1.253`
- Scan a list of hostnames with `--file`, e.g. `python3 main.py --file hostnames.txt`
- Test a single target with `--single`, e.g. `python3 main.py --single example.com:3000`
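A defensive counterpart to the scanner above, added here as an example (it is not part of this PoC repository, nor code from Grafana): a version triage check against the affected range stated in the description on this page (8.0.0-beta1 through 8.3.0), and a detector that flags directory traversal attempts in web access logs, including URL-encoded and double-encoded variants. The log lines, client addresses and request paths are constructed sample data, and the ordering of pre-release tags is an assumption noted in the code.

```python
"""
Defensive helpers for CVE-2021-43798 (Grafana path traversal).

Added example, not part of the PoC repository or of Grafana itself:
(1) version triage against the affected range the description above states
    (8.0.0-beta1 through 8.3.0, inclusive), and
(2) a detector for directory traversal segments in web access logs.
All log lines below are constructed sample data, not real traffic.
"""
import re
from urllib.parse import unquote

# Matches "8.3.0", "v8.2.5", "8.0.0-beta1", "8.3.0-rc.2". The pre-release
# kind (alpha/beta/rc) is not ranked against each other; only "pre-release
# before final release" is assumed, so 8.0.0-beta1 < 8.0.0.
_VER_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([a-z]+)\.?(\d*))?$")


def parse_version(s):
    """Return a comparable tuple (major, minor, patch, pre_rank, pre_num)."""
    m = _VER_RE.match(s.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Grafana version: {s!r}")
    major, minor, patch, pre, pre_num = m.groups()
    pre_rank = 0 if pre else 1  # assumption: any pre-release sorts before the final release
    return (int(major), int(minor), int(patch), pre_rank, int(pre_num or 0))


def is_affected_version(s):
    """True if the version lies in the range the advisory on this page gives."""
    return parse_version("8.0.0-beta1") <= parse_version(s) <= parse_version("8.3.0")


# Combined Log Format: client ident user [time] "METHOD path HTTP/x" status size
_LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def normalize_path(raw):
    """URL-decode repeatedly (catches %2e%2e and double-encoded %252e) and unify slashes."""
    p = raw
    for _ in range(3):  # bounded so a hostile input cannot loop forever
        decoded = unquote(p)
        if decoded == p:
            break
        p = decoded
    return p.replace("\\", "/")


def has_traversal(path):
    """True if the request path (query string excluded) contains a '..' segment after decoding."""
    segments = normalize_path(path).split("?")[0].split("/")
    return ".." in segments


def scan_access_log(lines):
    """Return (client, raw_path, status) for every request carrying a traversal segment."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if m is None:
            continue  # not a request line we understand; skip rather than crash
        if has_traversal(m["path"]):
            hits.append((m["client"], m["path"], int(m["status"])))
    return hits


# Constructed sample log lines (not real traffic). Only lines 2-4 should be flagged.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:10:00:01 +0000] "GET /public/build/grafana.dark.css HTTP/1.1" 200 1234',
    '198.51.100.7 - - [10/Dec/2021:10:00:02 +0000] "GET /static/../../../../etc/passwd HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Dec/2021:10:00:03 +0000] "GET /api/%2e%2e/%2e%2e/%2e%2e/etc/hosts HTTP/1.1" 200 310',
    '203.0.113.9 - - [10/Dec/2021:10:00:04 +0000] "GET /img/%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 2048',
    '10.0.0.5 - - [10/Dec/2021:10:00:05 +0000] "GET /api/search?query=.. HTTP/1.1" 200 56',
    '10.0.0.5 - - [10/Dec/2021:10:00:06 +0000] "GET /login HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ver in ("8.0.0-beta1", "8.2.5", "8.3.0", "8.3.1"):
        print(f"{ver:12} affected={is_affected_version(ver)}")
    for client, path, status in scan_access_log(SAMPLE_LOG):
        print(f"traversal attempt from {client}: {path} -> {status}")
```

A status of 200 on a flagged line is the case worth paging on: an unpatched Grafana returns the requested file, whereas a patched build or an upstream proxy that normalises `..` typically answers 4xx. The version check is meant for asset inventories pulled from the instance's own version string; the affected bounds come from the description on this page.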

## References

[https://github.com/jas502n/Grafana-CVE-2021-43798](https://github.com/jas502n/Grafana-CVE-2021-43798)

## LOOK HERE

```
+------------------------------------------------------------------------------+
|  [!] Legal disclaimer: Usage of this tool for attacking                      |
|  targets without prior mutual consent is illegal.                            |
|  It is the end user's responsibility to obey all applicable                  |
|  local, state and federal laws.                                              |
|  Developers assume no liability and are not responsible for any misuse or    |
|  damage caused by this program                                               |
+------------------------------------------------------------------------------+
```

Bye!

![bye-rui.gif](bye-rui.gif)
File snapshot

```
[4.0K] /data/pocs/e78145fe43a4663d8ce32555c9d4bb23f0a7b581
├── [383K] bye-rui.gif
├── [ 142] google-dorks.txt
├── [1.3K] main.py
├── [4.0K] modules
│   ├── [ 839] banner.py
│   ├── [2.3K] executor.py
│   ├── [ 229] file_module.py
│   ├── [   4] __init__.py
│   └── [1.7K] request_module.py
├── [ 153] Pipfile
├── [2.1K] Pipfile.lock
├── [180K] poc.gif
├── [1.9K] README.md
├── [   9] requirements.txt
├── [  38] shodan-dork.txt
└── [ 87K] shoot_shodan.png

1 directory, 15 files
```