## https://sploitus.com/exploit?id=D14E1C1A-ECD9-51FF-A814-EE5D7BFAE4BB
# SPLUNK CVE-2025-20384
i dunno, i just read stuff my friendo sent to me and start typing down some random sorry ass nub javascript code
## Log Injection/Forgery type POC
Please read this arcticle [OWASP Log Injection](https://owasp.org/www-community/attacks/Log_Injection)
### TL;DR
- Look for static file, passed it and append some random parameter
- So, i pass https://localhost:8000/en-US/app/SplunkEnterpriseSecuritySuite/apple-touch-icon.png?check={malformed}
- If splunk logged the raw parameter, this is an indication that log injection attack can be done.