#grafana

SQL Injection by Default in Grafana (HTB — Jupiter)

A walkthrough of HackTheBox Jupiter, demonstrating how Grafana's raw SQL passthrough to PostgreSQL can be exploited for remote code execution and full system compromise.