关联漏洞
标题:
Splunk 安全漏洞
(CVE-2024-36991)
描述:Splunk是美国Splunk公司的一套数据收集分析软件。该软件主要用于收集、索引和分析及其所产生的数据,包括所有IT系统和基础结构(物理、虚拟机和云)生成的数据。 Splunk存在安全漏洞。攻击者利用该漏洞可以访问存储在web根文件夹之外的文件和目录。
描述
CVE-2024-36991: Path traversal that affects Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10.
介绍
# CVE-2024-36991: Path traversal that affects Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10.
### CVEHunter tool for vulnerability detection and exploitation tool for CVE-2024-36991 with Asychronous Performance.
### Installation
```bash
git clone https://github.com/th3gokul/CVE-2024-36991.git
cd CVE-2024-36991
pip install -r requirements.txt
python3 cvehunter.py --help
```
### 🚀 Usage
```bash
python3 cvehunter.py -h
____ __ __ _____ _ _ _
/ ___|\ \ / /| ____|| | | | _ _ _ __ | |_ ___ _ __
| | \ \ / / | _| | |_| || | | || '_ \ | __| / _ \| '__|
| |___ \ V / | |___ | _ || |_| || | | || |_ | __/| |
\____| \_/ |_____||_| |_| \__,_||_| |_| \__| \___||_|
CVE-2024-36991 @th3gokul
[Description]: Vulnerability Detection and Exploitation
tool for CVE-2024-36991
options:
-h, --help show this help message and exit
-u URL, --url URL [INF]: Specify a URL or domain
for vulnerability detection
-l LIST, --list LIST [INF]: Specify a list of URLs
for vulnerability detection
-t THREADS, --threads THREADS
[INF]: Number of threads for
list of URLs
-proxy PROXY, --proxy PROXY
[INF]: Proxy URL to send request
via your proxy
-v, --verbose [INF]: Increases verbosity of
output in console
-o OUTPUT, --output OUTPUT
[INF]: Filename to save output
of vulnerable target]
```
### About
The 🔨 tool is Developed by [th3Gokul](https://www.linkedin.com/in/gokul-v-13455521a/) to detect and exploit the CVE-2024-36991: Path traversal that affects Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10.
### Disclaimer
The ⚒️ tool is only for education and ethical purpose only and Developers are not responsible for any illegal exploitations.
文件快照
[4.0K] /data/pocs/5631c180e1aa0f15dcd21b9438810beaf96d8d43
├── [6.1K] cvehunter.py
├── [2.0K] README.md
└── [ 91] requirements.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。