Grafana Unauthorized arbitrary file reading vulnerability CVE-2021-43798
python3 -m pip install -r requirements.txt
or
pipenv install -r requirements.txt
- Dorks (Shodan | Google)
- Targets without / at the end. And without http:// or https://
- Example of targets.txt file
target.com
example.com
foo.gov
xpto.com.de
usage: tool [-h] [--file <hostnames.txt>] [--range <ip-start>,<ip-end>] [--single SINGLE]
optional arguments:
-h, --help show this help message and exit
--file <hostnames.txt> Input your target host lists
--range <ip-start>,<ip-end> Set range IP Eg.: 192.168.15.1,192.168.15.100
--single <target> Only one target
- Range of ips with --range Eg: python3 main.py --range 192.168.0.1,192.168.1.253
- List of hostnames --file Eg: python3 main.py --file hostnames.txt
- Test single target --single Eg: python3 main.py --single example.com:3000
https://github.com/jas502n/Grafana-CVE-2021-43798
+------------------------------------------------------------------------------+
| [!] Legal disclaimer: Usage of this tool for attacking |
| targets without prior mutual consent is illegal. |
| It is the end user's responsibility to obey all applicable |
| local, state and federal laws. |
| Developers assume no liability and are not responsible for any misuse or |
| damage caused by this program |
+------------------------------------------------------------------------------+
Bye!