Exploit grafana Pre-Auth LFI
python3 grafana-exploit.py http://site.com /etc/passwd
Or
python3 grafana-exploit.py http://site.com:8080 /etc/passwd
Interesting files
/etc/passwd
/etc/hosts
/var/lib/grafana/grafana.db
CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection Usage usage: cve-2021-26084_confluence_rce.py [-h] --url URL [--cmd CMD] [--shell] CVE-2021-2
CVE-2021-26084 Description POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL(Object-Graph Navigation Language) Pre-Auth RCE Injection V
Grafana V8.0+版本存在未授权任意文件读取 0Day漏洞 - POC 1 漏洞信息 1.1 基本信息 漏洞厂商:Grafana 厂商官网:https://grafana.com/ 1.2 漏洞描述 Grafana是一个跨平台、开源的数据可视化网络应用程序平台。用户配置连接的数据源之后,Gr
Grafana-Poc 此工具请勿用于违法用途。 一、使用方法:python3 grafana_hole.py 在domain.txt中填入ip:port 二、漏洞影响范围 影响版本: Grafana 8.0.0 - 8.3.0 安全版本: Grafana 8.3.1, 8.2.7, 8.1.8,
Home Assistant LDAP Auth Simple script to have LDAP authentication in Home Assistant Docker, using NGINX's ldap-auth container. Usage Deploy NGINX's l
CVE-2022-1388 CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE. POST /mgmt/tm/util/bash HTTP/1.1 Host: Accept-Encoding: gzip, deflate Accept: */
laravel-exploits Exploit for CVE-2021-3129
SonicWALL SSL-VPN Web Server Vulnerable Exploit
CVE-2021-21972 Proof of Concept Exploit for vCenter CVE-2021-21972
CVE-2021-43798 – Grafana Exploit About This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798
CVE-2021-33044 Dahua IPC/VTH/VTO devices auth bypass exploit About: The identity authentication bypass vulnerability found in some Dahua products duri
BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF
LFI-Hunter Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI A script written in
Log4Shell RCE Exploit fully independent exploit does not require any 3rd party binaries. The exploit spraying the payload to all possible logged HTTP
说明 about author: 我超怕的 blog: https://www.cnblogs.com/iAmSoScArEd/ github: https://github.com/iAmSOScArEd/ date: 2021-12-20 log4j2 dos exploit log4j2 do
tinyman_exploit_finder There was a big tinyman exploit. You can read about it he
Discord-email-spammer-exploit was made by Love ❌ code ✅ ?? ・Description First it
ProxyLogon Pre-Auth SSRF To Arbitrary File Write For Education and Research Usage: C:\>python proxylogon.py mail.evil.corp [email protected] At
CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1 The getPasswordPolicy method is vulnerable to NoS
92 Jul 20, 2022
9 Aug 31, 2022
3 Dec 13, 2021
8 Jan 3, 2023
1 Sep 21, 2022
81 Dec 12, 2022
228 Nov 25, 2022
210 Dec 31, 2022
12 Nov 18, 2022
23 Dec 2, 2022
118 Nov 7, 2022
6 Jan 30, 2022
258 Jan 2, 2023
3 Aug 13, 2022
9 Dec 27, 2022
25 Aug 13, 2022
117 Nov 28, 2022
47 Nov 9, 2022