CVE-2021-43798

Directory Traversal and Arbitrary File Read on Grafana

Authors:
Wagner Alves - Red Team Analyst

This exploit leverages Directory Traversal and Arbitrary File Read vulnerabilities in Grafana 8.0 - 8.3, allowing it to read files such as /etc/passwd, /etc/hosts, /home/user/.ssh/id_rsa, /etc/os-release, and other interesting files.

Installation

git clone https://github.com/wagneralves/CVE-2021-43798.git
cd CVE-2021-43798
chmod +x ExploitGrafana.sh

Usage

ex: ./ExploitGrafana.sh -h http://domain.xpto:3000 -f /etc/passwd

ex: ./ExploitGrafana.sh -h http://domain.xpto:3000 -f /home/user/.ssh/id_rsa

ex: ./ExploitGrafana.sh -h http://domain.xpto:3000 -f /home/user/.ssh/id_rsa

Name		Name	Last commit message	Last commit date
Latest commit History 19 Commits
ExploitGrafana.sh		ExploitGrafana.sh
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ExploitGrafana.sh

ExploitGrafana.sh

README.md

README.md

Repository files navigation

CVE-2021-43798

Installation

Usage

About

Releases

Packages

Languages

wagneralves/CVE-2021-43798

Folders and files

Latest commit

History

ExploitGrafana.sh

ExploitGrafana.sh

README.md

README.md

Repository files navigation

CVE-2021-43798

Installation

Usage

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages