Exploit for Path Traversal in Grafana CVE-2021-43798

Name: Exploit for Path Traversal in Grafana CVE-2021-43798
Rating: 5 (183 reviews)

2022-12-14 | CVSS 5.0

## https://sploitus.com/exploit?id=08867DD9-54BA-50CE-982C-CC9CE8E74CF4
# SUNSCOPE
![SunScope](sunscope_logo.png)

### AN EXPLOITATION TOOL FOR CVE-2021-43798

# USAGE

```
./sunscope '<URL_NAME>' '<FILE_TYPE>'
```

SunScope is a tool that can grab the /etc/grafana/grafana.db, /etc/grafana/grafana.ini, or /etc/passwd file from a server running an instance of Grafana from v8.0.0-beta1 to v8.3.0. Simply put, fire it at a URL and specify which file you want, and it'll grab it for you. So easy, anyone could use it. Please use responsibly.

This isn't the cleanest exploit code, I'll admit, but I wrote this from inspiration that I got while breaking into the Ambassador box on HackTheBox, and it's my first exploit I've written in Go.