CVE-2021-43798

POC for CVE-2021-43798 written in python

CVE-2021-43798 Install Clone repo git clone githubcom/nuker/CVE-2021-43798 Install requirements pip install -r requirementstxt Run python file python3 cvepy -f FILE [-s]

Exploit for grafana CVE-2021-43798

PoC para CVE-2021-43798 Grafana es una plataforma de código abierto para monitoreo y observabilidad Las versiones de Grafana desde 800-beta1 hasta 830 (excepto las versiones parcheadas) son vulnerables a ldirectory traversal, permitiendo el acceso a archivos locales La URL vulnerable es: <grafana_host_url>/public/plugins//, donde es el ID del plugin p

FofaMap是一款基于Python3开发的跨平台FOFA API数据采集器，支持普通查询、网站存活检测、统计聚合查询、Host聚合查询、网站图标查询、批量查询等查询功能。同时FofaMap还能够自定义查询FOFA数据，并根据查询结果自动去重和筛选关键字，生成对应的Excel表格。另外春节特别版还可以调用Nuclei对FofaMap查询出来的目标进行漏洞扫描，让你在挖洞路上快人一步。

FofaMap_V113 国庆特别版【联动 Nuclei】｜ FofaMap云查询版 好消息：FofaMap又可以正常使用了，感谢🙏大家一直以来对FofaMap的支持，我们将继续对FofaMap进行更新和维护。 FofaMap是一款基于Python3开发的跨平台FOFA数据采集器。用户可以通过修改配置文件，定制化的采集FOFA数据，并导出生成�

运用golang写的grafana批量验证脚本，内置48个验证

CVE-2021-43798 运用golang写的批量验证脚本，内置48个验证 python写的人太多了，试着学学golang 食用 把url地址保存为urltxt然后在当前目录运行go run CVE-2021-43798go,有漏洞的地址保存为testtxt 利用 验证存在后访问 var/lib/grafana/grafanadb 即可下载这个数据库文件打开 user 的表 密码是加了盐的，一�

OWASP ZAP Proxy Scripts Scan CVE

OWASP ZAP Proxy Scripts Scan CVE CVE-2022-26134 CVE-2021-43798

Description A tool to search for Grafana CVE-2021-43798 Usage python3 grafana_LFIpy examplecom /etc/passwd

This repository contains files for reproducing the vulnerability.

grafana-cve-2021-43798 This repository contains files for reproducing the vulnerability Deploy this in your cluster using this command kubectl apply -f grafana-vuln-appyaml

CVE-2021-43798 Grafana任意文件读取

CVE-2021-43798 Grafana任意文件读取 1installation pip3 install -r requirementstxt 2Usage $ python3 grafanapy -h ____ __ __ _____ ____ ___ ____ _ _ _ _____ _____ ___ ___ / ___| \ \ / / | ____| |___ \ / _ \ |___ \ / | | || | |___ / |___ | / _ \ ( _

Grafana Unauthorized arbitrary file reading vulnerability

CVE-2021-43798 Grafana Unauthorized arbitrary file reading vulnerability 831 (2021-12-07) Security: Fixes CVE-2021-43798 For more information, see our blog grafanacom/blog/2021/12/07/grafana-831-827-818-and-807-released-with-high-severity-security-fix/ Example: get db password /var/lib/grafana/grafanadb 加盐密码明文验证 githubcom/grafan

Grafana - Directory Traversal and Arbitrary File Read

CVE-2021-43798 Grafana - Directory Traversal and Arbitrary File Read cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2021-43798 grafanacom/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/ Example python3 exploitpy 127001:3000 /etc/passwd python3 exploitpy 127001:3000 /appda

grafana-exploit-CVE-2021-43798 About What is this exploit used for ? used for the Grafana Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798) allows access to local files using directory traversal What grafana versions will this exploit work for? will work for Grafana versions 800-beta1 through 830 Versions 807, 818, 827 and 831 are patched Opera

CVE-2021-43798Exp多线程批量验证脚本

Grafana V8*任意文件读取Exp--多线程批量验证脚本 漏洞描述 Grafana是一个开源的度量分析与可视化套件。经常被用作基础设施的时间序列数据和应用程序分析的可视化，它在其他领域也被广泛的使用包括工业传感器、家庭自动化、天气和过程控制等。其 8*版本任意文件读取漏洞，该漏洞目�

A exploit tool for Grafana Unauthorized arbitrary file reading vulnerability (CVE-2021-43798), it can burst plugins / extract secret_key / decrypt data_source info automatic.

grafanaExp 利用grafana CVE-2021-43798任意文件读漏洞，自动探测是否有漏洞、存在的plugin、提取密钥、解密server端db文件，并输出data_sourrce信息。 使用方法 提供exp和decode功能。 ➜ /grafanaExp -h NAME: grafanaExp - Exploit Grafana with CVE-2021-43798 Arbitrary File Read USAGE: grafanaExp [global options] command [command

Prometheus-Grafana-Telegram-Kubernetes With this files you can deploy a Kubernetes environment that includes monitoring with Prometheus, alerts to Telegram using Alert Manager and visualize metrics with Grafana Description of files For implementation, you need to change certain values in certain files, let's describe them Prometheus The first file 00-prometheus-namespace

Python Exploit Code

CVE-2021-43798 Grafana 8x Path Traversal (Pre-Auth) All credits go to j0v and his tweet twittercom/j0v0x0/status/1466845212626542607 Disclaimer This is for educational purposes only I am not responsible for your actions Use at your own discretion In good faith, I've held back releasing this PoC until either this vulnerability is public or a patch is available

A repository with some scripts and ways of thinking to get code execution on Grafana

Chain CVE-2021-43798 with grafanadb files Get the database using CVE-2021-43798 curl '101077156:3000/public/plugins/zipkin/////////var/lib/grafana/grafanadb' --path-as-is --output grafanadb Query the database and extract email, password and salt select email,password,salt from user; Save that output to a file (look at hashestxt) R

This script implements a lab automation where I exploit CVE-2021-43798 to steal user secrets and then gain privileges on a Linux system.

LabAutomationCVE-2021-43798 I make a script for pentest automation where i exploit CVE-2021-43798 (a path traversal on Grafana) to steal user secrets (SSH key) and then gain privileges on a Linux system (using SUID) I automate this lab to share the pentest methodology

CVE-2021-43798 - Grafana 8.x Path Traversal (Pre-Auth)

CVE-2021-43798 Grafana 8x Path Traversal (Pre-Auth) All credits go to j0v and his tweet twittercom/j0v0x0/status/1466845212626542607 Disclaimer This is for educational purposes only I am not responsible for your actions Use at your own discretion In good faith, I've held back releasing this PoC until either this vulnerability is public or a patch is available

CVE-2021-43798

CVE-2021-43798 ┌─[✗]─[s1gh@parrot]─[~/Desktop] └──╼ $ python3 grafana_path_traversalpy -H "example-url:3000" Read file > /etc/passwd root:x:0:0:root:/root:/bin/ash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:

WeCTF 2022 Source Code & Organizer's Writeup

WeCTF 2022 Thank you for participating! Please share your writeup at CTFtime ctftimeorg/event/1546/ Run Challenges Locally (WIP, not fully working yet) git clone githubcom/wectf/2022 cd 2022 && docker-compose up Dino Run Welcome to WECTF! Play this tiny multiplayer game and get the easy flag Source Code

grafana-unauth-file-read : CVE-2021-43798 Unauthorized reading of files in Grafana (0day) It looks like the new 0day LFI in Grafana exists thanks to the grafana-clock-panel plugin It is enough to send a GET request of the form: GET /public/plugins/grafana-clock-panel////////etc/passwd List of plugins /public/plugins/alertlist/////////etc/passwd /p

Grafana CVE 2021-43798 Grafana Unauthorized arbitrary file reading vulnerability CVE-2021-43798 deps python3 -m pip install -r requirementstxt or pipenv install -r requirementstxt Dorks Dorks (Shodan | Google) Google Dorks Shodan Dorks Usage Targets without / at the end And without or Example of targetstxt

fofax is a command line query tool based on the API of https://fofa.info/, simple is the best!

FoFaX 📒 English README | 📌 Releases Download 🐎 详细使用文档 Docs 0x00 简介 FoFaX 是一款使用 Go 编写的命令行 FoFa 查询工具，在支持 FoFa 查询规则上增加了 Fx 语法来方便使用者编写自己的规则，并且内置了一些常用的规则，除此之外还有联动其他安全产品在内的其他多个实用功能。主要的�

Grafana File-Read Vuln

Grafana-CVE-2021-43798 Grafana File-Read 影响版本：800-lastest Poc-http-get /public/plugins/{plugins-lst}/////////{filename} Default plugins-lst alertlist annolist grafana-azure-monitor-datasource barchart bargauge cloudwatch dashlist elasticsearch gauge geomap gettingstarted stackdriver graph graphite heatmap histogram influxdb jaeger logs loki mssql

Script to demonstrate the Grafana directory traversal exploit (CVE-2021-43798).

Grafana CVE-2021-43798 Exploit Script Script to demonstrate the Grafana directory traversal exploit (CVE-2021-43798) that affects Grafana versions 800-beta1 through 830 Primarily used for a demonstration in a CTF Written in python with standard library modules only Only use this for legitimate purposes eg testing and CTFs please Installation wget rawgithubus

This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

CVE-2021-43798 – Grafana Exploit About This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798) This vulnerability affects Grafana 800-beta1 to 830 According to Shodan data, there are just over 2,000 Grafana servers exposed online, with the majority residing in the US and Europe, as can be seen in the figu

youdata_Vulnerabilities Two vulnerabilities exist in version 720 of the grafana component of the Netnifty BI product: file reading and default password Default password The default password is：admin/admin Verification Screenshot Login page Prompted to change the password, here proves that the default password of grafana component is the above given: admin/adminClick the s

grafana CVE-2021-43798任意文件读取漏洞POC，采用多插件轮训检测的方法，允许指定单URL和从文件中读取URL

CVE-2021-43798-grafana_fileread 如果对象经过反向代理处理，可以将payload替换成这条 url1 = url +"/public/plugins/"+strrstrip(plugins)+"/#//%2f%2f%2f%2f%2f%2f%2f%2f/etc/passwd" Grafana是一个跨平台、开源的数据可视化网络应用程序平台。用户配置连接的数据

Grafana_CVE-2021-43798 python Grafanapy -u ip:port python Grafanapy -r 12txt

CVE-2021-43798 Detect Grafana-File-Read vulnerabilities method Detect url:python3 CVE-2021-43798py -u examplecom Batch inspection:python3 CVE-2021-43798py -r exampletxt Reference githubcom/tangxiaofeng7/CVE-2021-43798-Grafana-File-Read Notes Practicality is uncertain

CVE-2021-43798 Detect Grafana-File-Read vulnerabilities method Detect url:python3 CVE-2021-43798py -u examplecom Batch inspection:python3 CVE-2021-43798py -r exampletxt Reference githubcom/tangxiaofeng7/CVE-2021-43798-Grafana-File-Read Notes Practicality is uncertain

linux下的各种shell脚本

Shell_POC linux下的各种shell脚本 所提供的工具仅供于个人学习和研究， 严禁传播者利用此工具进行非法测试。 CVE-2021-43798_Grafana未授权任意文件读取漏洞检测POC POC中罗列了部分插件URL，来提高检测效率，可自行调整。 本地创建URLtxt，写入url，端口号后不能带反斜杠/及路径 示例： 192

CVE-2021-43798 is a vulnerability marked as High priority (CVSS 7.5) leading to arbitrary file read via installed plugins in Grafana application.

CVE-2021-43798 CVE-2021-43798 is a vulnerability marked as High priority (CVSS 75) leading to arbitrary file read via installed plugins in Grafana application This vulnerability works on versions 800-beta1, 800 to 830 Tested only on 820 Exploit works by creating a list of vulnerable plugins and sending HTTP requests checking if it's installed While checking, i

Grafana8.x 任意文件读取

CVE-2021-43798 Grafana8x 任意文件读取 ryze-tcom/posts/2021/12/15/CVE-2021-43798-Grafana%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96html 用法 exp examplecom /etc/passwd 效果

CVE-2021-43798 Grafana 任意文件读取漏洞 POC+参数

CVE-2021-43798：Grafana 任意文件读取漏洞 POC 使用介绍： python3 exppy IP:PORT

Grafana8.x 任意文件读取

CVE-2021-43798-poc Grafana8x 任意文件读取 python CVE-2021-43798-pocpy 152136149237:3000 /etc/passwd

CVE-2021-43798_exploit Grafana is an open-source platform for monitoring and observability Grafana versions 800-beta1 through 830 (except for patched versions) is vulnerable to directory traversal, allowing access to local files The vulnerable URL path is: <grafana_host_url>/public/plugins//, where is the plugin ID for any installed plugin Users are advised

CVE-2021-43798 - Grafana 8.x Path Traversal (Pre-Auth)

CVE-2021-43798 Grafana 8x Path Traversal (Pre-Auth) All credits go to j0v and his tweet twittercom/j0v0x0/status/1466845212626542607 Disclaimer This is for educational purposes only I am not responsible for your actions Use at your own discretion In good faith, I've held back releasing this PoC until either this vulnerability is public or a patch is available

CVE-2021-43798 Grafana任意文件读取

CVE-2021-43798 Grafana任意文件读取 1installation pip3 install -r requirementstxt 2Usage $ python3 grafanapy -h ____ __ __ _____ ____ ___ ____ _ _ _ _____ _____ ___ ___ / ___| \ \ / / | ____| |___ \ / _ \ |___ \ / | | || | |___ / |___ | / _ \ ( _

Grafana Unauthorized arbitrary file reading vulnerability

CVE-2021-43798 Grafana Unauthorized arbitrary file reading vulnerability 831 (2021-12-07) Security: Fixes CVE-2021-43798 For more information, see our blog grafanacom/blog/2021/12/07/grafana-831-827-818-and-807-released-with-high-severity-security-fix/ Example: get db password /var/lib/grafana/grafanadb 加盐密码明文验证 githubcom/grafan

CVE-2021-43798:Grafana 任意文件读取漏洞

CVE-2021-43798:Grafana 任意文件读取漏洞 添加了 Windows+Linux 全版本识别的 nuclei 模板 52个插件列表： live icon loki text logs news stat mssql mixed mysql tempo graph gauge table debug zipkin jaeger geomap canvas grafana welcome xychart heatmap postgres testdata opentsdb influxdb barchart annolist bargauge graphite dashlist piechart dashboard nodeGraph a

Grafana_CVE-2021-43798 python3 Grafana_vulpy -u/--url ip:port/ python3 Grafana_vulpy -f/--file targettxt

Modified Nuclei Templates Version to FUZZ Host Header

Modified Nuclei Templates Version to FUZZ Host Header Requirements 1 - Understand Virtual Host Virtual Host refers to run more than one web site on a single IP eg You can configure Nginx to run two web site eg devexamplecom and apiexamplecom like that server { listen 80; listen [::]:80; root /var/www/dev/html; index indexhtml;

Grafana CVE Scan 21-43798 01 Scanner for Grafana Path Traversal Vulnerability found in CVE-2021-43798 Disclaimer: This is for Educational Purposes only! References for CVE: 1 - NIST CVE Details 2 - Grafana Notes Workarounds All installations between v800-beta1 and v830 should be upgraded as soon as possible If you cannot upgrade, running a reverse proxy in front of Graf

利用grafan CVE-2021-43798任意文件读漏洞，自动探测是否有漏洞、存在的plugin、提取密钥、解密server端db文件，并输出data_sourrce信息。

grafanaExp 利用grafana CVE-2021-43798任意文件读漏洞，自动探测是否有漏洞、存在的plugin、提取密钥、解密server端db文件，并输出data_sourrce信息。 使用方法 提供exp和decode功能。 ➜ /grafanaExp -h NAME: grafanaExp - Exploit Grafana with CVE-2021-43798 Arbitrary File Read USAGE: grafanaExp [global options] command [command

Grafana任意文件读取漏洞 运行脚本格式： python CVE-2021-43798py IP:PORT

Desarrollo e Implementación de Medidas Mitigantes en Vulnerabilidades de Kubernetes

Laboratorio kubevuln con CVE-2021-43798 En este entorno de prueba se van a desplegar dos servicios, uno web PHP y otro para ver la monitorización y estadisticas de la web con Grafana El objetivo principal es ver como podemos mitigar estas futuras vulnerabilidades similares o zero-day, para tener un sistema lo más bastionado posible Arquitectura del laboratorio

Simple program for exploit grafana

CVE-2021-43798 Grafana directory traversal simple program for exploit grafana directory traversal #install gem install httparty gem install colorize gem install timeout ruby cve-2021-43798rb

A PoC exploit for CVE-2021-43798 - Grafana Directory Traversal

CVE-2021-43798 - Grafana Directory Traversal 🔍 Grafana is an open-source platform for monitoring and observability Versions 800-beta1 through 830 (except for patched versions) are vulnerable to a directory traversal attack, allowing unauthorized access to local files This vulnerability does not affect Grafana Cloud The vulnerability exists in the handling of the URL p

CVE-2021-43798 Grafana versions 800-beta1 through 830 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files Grafana is an open-source platform for monitoring and observability Grafana versions 800-beta1 through 830 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files The vulne

Directory Traversal and Arbitrary File Read on Grafana

CVE-2021-43798 Directory Traversal and Arbitrary File Read on Grafana Authors: Wagner Alves - Red Team Analyst This exploit leverages Directory Traversal and Arbitrary File Read vulnerabilities in Grafana 80 - 83, allowing it to read files such as /etc/passwd, /etc/hosts, /home/user/ssh/id_rsa, /etc/os-release, and other interesting files Installation git clone gith

CVE-2021-43798