Path: blob/master/documentation/modules/auxiliary/admin/http/grafana_auth_bypass.md
Vulnerable Application
The following list shows the vulnerable versions of Grafana when configured for LDAP or OAuth:
2.x
3.x
4.x before 4.6.4
5.x before 5.2.3
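For inventory triage, the version list and the LDAP/OAuth condition above can be checked together. This is an added example, not part of the module or its documentation: the function names are hypothetical, the set of grafana.ini auth sections is an assumption to extend for your providers, and a pre-release of a fixed version is assumed to predate the fix.

```python
import configparser
import re

# Fixed release per affected major, from the list above (None = every release).
FIXED_IN = {2: None, 3: None, 4: (4, 6, 4), 5: (5, 2, 3)}
# grafana.ini sections for LDAP and OAuth logins (assumed set; extend as needed).
EXTERNAL_AUTH = {"auth.ldap", "auth.github", "auth.google",
                 "auth.generic_oauth", "auth.grafana_com"}
# Constructed sample config, not taken from a real deployment.
SAMPLE_INI = """app_mode = production
[auth.ldap]
enabled = true
[auth.github]
enabled = false
"""

def version_affected(text):
    """True/False for a parseable version, None when it cannot be parsed."""
    m = re.match(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$", text.strip())
    if not m:
        return None
    release = tuple(int(g or 0) for g in m.group(1, 2, 3))
    if release[0] not in FIXED_IN:
        return False
    fixed = FIXED_IN[release[0]]
    if fixed is None:
        return True
    # Assumption: a pre-release of the fixed version (5.2.3-beta1) predates the fix.
    return release < fixed or (release == fixed and m.group(4).startswith("-"))

def external_auth_enabled(ini_text):
    """Names of the LDAP/OAuth sections that have enabled = true."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    # grafana.ini may set keys before the first section header.
    cfg.read_string("[__top__]\n" + ini_text)
    return sorted(s for s in cfg.sections() if s in EXTERNAL_AUTH
                  and cfg.getboolean(s, "enabled", fallback=False))

def assess(version, ini_text):
    """'upgrade', 'ok', or 'unknown-version' (needs manual review)."""
    affected = version_affected(version)
    if affected is None:
        return "unknown-version"
    return "upgrade" if affected and external_auth_enabled(ini_text) else "ok"

if __name__ == "__main__":
    for v in ("3.1.1", "4.6.3", "4.6.4", "5.2.2", "5.2.3", "dev"):
        print(v, assess(v, SAMPLE_INI))
```

A result of unknown-version means the version string could not be parsed and the instance needs a manual check; it is not treated as safe.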
Verification Steps
Start msfconsole
Do: use auxiliary/admin/http/grafana_auth_bypass
Do: set username <username> or set cookie <cookie>
Do: set version
Do: set rhosts
Do: set rport
Do: run
Scenarios
Example run against Grafana 3.x with username admin: