Grafana

Grafana exploits

Bug-Bounty-Methodology/Technologies/Grafana.md at main · trilokdhaked/Bug-Bounty-MethodologyGitHub

CVE-2025-6023 - Open Redirection leading to XSS / ATO

Grafana CVE-2025-6023 Bypass: A Technical Deep DiveEthiack

GET /user/auth-tokens/rotate?redirectTo=/%23/..///attacker.com HTTP/1.1 results in a 302 redirect that is a valid open redirect to attacker.com

CVE-2025-4123 - SSRF, XSS

Affected Versions: Grafana 11.2, Grafana 11.3, Grafana 11.4, Grafana 11.5, Grafana 11.6, Grafana 12.0

Open redirect:

https://domain.com/public/..%2F%5coast.pro%2F%3f%2F..%2F..

Grafana CVE-2025–4123: Full Read SSRF & Account TakeoverMedium

How One Path Traversal in Grafana Unleashed XSS, Open Redirect and SSRF (CVE-2025–4123)Medium

GitHub - NightBloodZ/CVE-2025-4123: Script to exploit Grafana CVE-2025-4123: XSS and Full-Read SSRFGitHub

GitHub - ynsmroztas/CVE-2025-4123-Exploit-Tool-Grafana-: CVE-2025-4123 - Grafana ToolGitHub

Grafana arbitrary file-read / RCE (CVE-2024-9264)

Grafana versions 11.0.x, 11.1.x and

GitHub - nollium/CVE-2024-9264: Exploit for Grafana arbitrary file-read and RCE (CVE-2024-9264)GitHub

Reverse shell:

GitHub - z3k0sec/CVE-2024-9264-RCE-Exploit: Grafana RCE exploit (CVE-2024-9264)GitHub

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more

• Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them

• Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.