CVE-2025-4123

The exploit demonstrates an SSRF vulnerability in Grafana versions 11.2.0 to 11.6.0 via path traversal encoding and open redirect in the `render/public` endpoint. The provided HTTP requests show how an attacker can manipulate the server into making requests to arbitrary domains.

This PoC demonstrates a combined SSRF and XSS vulnerability in Grafana (CVE-2025-4123) by serving malicious JavaScript and a fake plugin via a Flask server. The exploit leverages path traversal to trigger the vulnerabilities.

This is a functional proof-of-concept exploit for CVE-2025-4123, a path traversal vulnerability in Grafana's `/public` endpoint. It demonstrates SSRF, LFI, open redirect, and XSS attacks via crafted URLs with encoded path traversal sequences.

This repository provides a proof-of-concept for CVE-2025-4123, demonstrating SSRF and Open Redirect vulnerabilities in Grafana. The exploit leverages path traversal techniques to achieve these attacks.

This repository contains a Go-based tool that scans for CVE-2025-4123 by sending a crafted path traversal payload and checking for 301/302 redirect responses. It does not exploit the vulnerability but detects potential exposure by analyzing the `Location` header.

The repository contains only a README.md file with a placeholder title and no exploit code or technical details. It appears to be an empty template or placeholder for CVE-2025-4123.

The repository contains only a README with path traversal payloads for CVE-2025-4123, but no actual exploit code or technical details. It appears to be a placeholder or incomplete PoC.

This repository contains a functional exploit for CVE-2025-4123, targeting Grafana versions 11.2 to 12.0. The exploit leverages SSRF and XSS vulnerabilities via crafted paths and a malicious server to serve payloads.