Grafana has a public API endpoint, /public/plugins/:pluginId, which allows you to view a plugin's assets. This works by providing a valid :pluginId and then specifying the file path, such as img/logo.png. However, Grafana fails to sanitize the user-provided file path, leading to path traversal.
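On the defensive side, requests that abuse this endpoint can be found in web access logs by decoding and normalizing the file path part of the request. The Python below is an added example and not part of this tool; it assumes a common/combined access log format, and the plugin id example-panel, the file names and the log lines are constructed.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Plugin asset route described above: /public/plugins/<pluginId>/<file path>
PLUGIN_ROUTE = re.compile(r"^/public/plugins/[^/]+/(.*)$", re.S)
# Assumption: common/combined access log, request line in double quotes.
REQUEST_LINE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(path, rounds=3):
    """Percent-decode repeatedly so single- and double-encoded dots are unmasked."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def escapes_plugin_dir(request_target):
    """True if the file path of a plugin asset request leaves the plugin directory."""
    path = fully_decode(request_target.split("?", 1)[0]).replace("\\", "/")
    match = PLUGIN_ROUTE.match(path)
    if not match:
        return False  # not the plugin asset endpoint
    # Normalize the relative path; a leading ".." means it climbed above its root.
    resolved = normpath(match.group(1).lstrip("/"))
    return resolved == ".." or resolved.startswith("../")

def scan(log_lines):
    """Return (line number, request target) for each suspicious plugin asset request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        request = REQUEST_LINE.search(line)
        if request and escapes_plugin_dir(request.group(1)):
            hits.append((number, request.group(1)))
    return hits

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [t] "GET /public/plugins/example-panel/img/logo.png HTTP/1.1" 200 512',
    '192.0.2.66 - - [t] "GET /public/plugins/example-panel/../../../outside.txt HTTP/1.1" 200 90',
    '192.0.2.66 - - [t] "GET /public/plugins/example-panel/%2e%2e/%2e%2e/outside.txt HTTP/1.1" 200 90',
    '192.0.2.66 - - [t] "GET /public/plugins/example-panel/%252e%252e%252f%252e%252e%252foutside.txt HTTP/1.1" 400 0',
    '192.0.2.10 - - [t] "GET /public/plugins/example-panel/img/../module.js HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: path leaves plugin directory: {target}")
```

A reverse proxy that normalizes paths before logging may hide the original request, so run the check on the log closest to the client.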
Install these packages before using the script:
pip3 install django
pip3 install urllib3==1.24.3
pip3 install requests
To start the script, run the following command:
python3 manage.py runserver
After that, go to http://127.0.0.1:8000/ to browse the interface, then enter your URL without a trailing /.
This tool is for educational purposes only. Please don't use this tool for any kind of illegal or malicious activities. Any misuse of the tool is completely at your risk. I'm not responsible!!