## https://sploitus.com/exploit?id=F2955029-325B-5361-A6AA-E692D057BF73
# Grafana Arbitrary File Read

## Testing the vulnerability

Read /etc/passwd

<img src="https://github.com/Awrrays/Grafana-CVE-2021-43798/blob/main/img/1.png" style="zoom:67%;" />

Read the datasource

<img src="https://github.com/Awrrays/Grafana-CVE-2021-43798/blob/main/img/2.png" alt="image-20211213140212128" style="zoom: 50%;" />

Obtain the secret_key

<img src="https://github.com/Awrrays/Grafana-CVE-2021-43798/blob/main/img/3.png" alt="image-20211213140613810" style="zoom:50%;" />

Decrypt the datasource

![image-20211213140423685](https://github.com/Awrrays/Grafana-CVE-2021-43798/blob/main/img/4.png)