CVE-2021-43798


A vulnerability was found in Grafana up to 8.0.6/8.1.7/8.2.6/8.3.0 and has been declared critical. It affects unspecified functionality under the path /public/plugins/, where manipulation with an unspecified input leads to path traversal. The vulnerability is classified as CWE-22: the product uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but it does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location outside of the restricted directory. The known impact is on confidentiality.
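The Go program below is an added example, not part of the original notes or of Grafana's code. It flags access-log requests under /public/plugins/ whose path, after percent-decoding and normalization, resolves outside the plugin's own directory. The log lines, the combined log format (as written by a reverse proxy, for instance), the plugin id example-plugin and the function names are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

const pluginPrefix = "/public/plugins/"

// Constructed sample access-log lines (combined log format); not from the page.
var sampleLog = []string{
	`10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /public/plugins/example-plugin/img/icon.svg HTTP/1.1" 200 512`,
	`10.0.0.9 - - [01/Jan/2025:10:00:01 +0000] "GET /public/plugins/example-plugin/../../../etc/hostname HTTP/1.1" 200 12`,
	`10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /public/plugins/example-plugin/%252e%252e/%252e%252e/x HTTP/1.1" 404 0`,
	`10.0.0.5 - - [01/Jan/2025:10:00:03 +0000] "GET /public/plugins/example-plugin/a/../b.js HTTP/1.1" 200 90`,
}

// escapesPluginDir reports whether a target under /public/plugins/<id>/ resolves outside <id>.
func escapesPluginDir(target string) bool {
	p, _, _ := strings.Cut(target, "?") // ignore the query string
	for i := 0; i < 3; i++ {            // peel nested percent-encoding (%252e -> %2e -> .)
		if dec, err := url.PathUnescape(p); err == nil {
			p = dec
		}
	}
	if !strings.HasPrefix(p, pluginPrefix) {
		return false
	}
	id, file, _ := strings.Cut(p[len(pluginPrefix):], "/")
	base := pluginPrefix + id
	resolved := path.Clean(base + "/" + file) // collapse "." and ".." segments
	return resolved != base && !strings.HasPrefix(resolved, base+"/")
}

// suspiciousLines returns the indexes of log lines whose request escapes its plugin directory.
func suspiciousLines(lines []string) []int {
	var hits []int
	for i, l := range lines {
		_, rest, _ := strings.Cut(l, `"`) // request line follows the first quote
		if req := strings.Fields(rest); len(req) >= 2 && escapesPluginDir(req[1]) {
			hits = append(hits, i)
		}
	}
	return hits
}

func main() { fmt.Println(suspiciousLines(sampleLog)) }
```

The fourth sample line contains `..` but stays inside the plugin directory, so it is not flagged; only requests that resolve outside it are reported.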

Exploit


This appears to be the original author of the exploit. Besides the directory traversal and arbitrary file read, the exploit includes data source secret decryption.

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fanatastic]
└─$ git clone https://github.com/jas502n/Grafana-CVE-2021-43798 ; cd Grafana-CVE-2021-43798
Cloning into 'Grafana-CVE-2021-43798'...
remote: Enumerating objects: 42, done.
remote: Counting objects: 100% (12/12), done.
remote: Compressing objects: 100% (12/12), done.
remote: Total 42 (delta 3), reused 0 (delta 0), pack-reused 30 (from 1)
Receiving objects: 100% (42/42), 16.41 KiB | 1.26 MiB/s, done.
Resolving deltas: 100% (10/10), done.

Downloading the exploit package to Kali

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fanatastic/Grafana-CVE-2021-43798]
└─$ go mod init CVE-2021-43798
go: creating new go.mod: module CVE-2021-43798
go: to add module requirements and sums:
	go mod tidy

Initializing the Go module CVE-2021-43798

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fanatastic/Grafana-CVE-2021-43798]
└─$ go get golang.org/x/crypto/pbkdf2
go: added golang.org/x/crypto v0.36.0

Installing the required module, golang.org/x/crypto/pbkdf2

Exploit 2


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fanatastic]
└─$ searchsploit -m multiple/webapps/50581.py ; mv 50581.py CVE-2021-43798.py
  Exploit: Grafana 8.3.0 - Directory Traversal and Arbitrary File Read
      URL: https://www.exploit-db.com/exploits/50581
     Path: /usr/share/exploitdb/exploits/multiple/webapps/50581.py
    Codes: CVE-2021-43798
 Verified: False
File Type: Python script, ASCII text executable
Copied to: /home/kali/PEN-200/PG_PRACTICE/fanatastic/50581.py

Exploit locally available