CVE-2024-36991

This repository contains a functional Python script that exploits CVE-2024-36991, a path traversal vulnerability in Splunk Enterprise on Windows. The exploit attempts to read the /etc/passwd file by sending a crafted HTTP request to the vulnerable endpoint.

This repository contains a functional Python exploit for CVE-2024-36991, a path traversal vulnerability in Splunk Enterprise on Windows. The exploit uses curl commands to read sensitive files by traversing directories via the Splunk web interface.

The repository provides a functional proof-of-concept for CVE-2024-36991, a path traversal vulnerability in Splunk Enterprise on Windows. The exploit leverages the Python os.path.join function's behavior with drive letters to traverse directories and access sensitive files like win.ini.

This repository contains a functional Python script that exploits CVE-2024-36991, a path traversal vulnerability in Splunk versions below 9.2.2. The script allows an attacker to read arbitrary files by crafting specific HTTP requests to vulnerable endpoints.

This repository contains a functional exploit for CVE-2024-36991, a path traversal vulnerability in Splunk Enterprise on Windows. The exploit automates depth detection and allows interactive selection of files to exfiltrate, targeting sensitive configuration and log files.

This repository contains a functional exploit for CVE-2024-36991, a path traversal vulnerability in Splunk Enterprise. The exploit demonstrates reading sensitive files (e.g., authentication.conf, splunk.secret) by manipulating file paths in HTTP requests.

This repository contains a scanner for CVE-2024-36991, a path traversal vulnerability in Splunk Enterprise on Windows. It checks for vulnerable endpoints and reports if sensitive files can be read, but does not include exploit code for active exploitation.

The repository claims to provide a binary PoC for CVE-2024-36991 but lacks actual exploit code, instead referencing external sources and a pre-compiled binary. The README is marketing-heavy with vague technical details.

This repository contains a Nuclei template designed to detect a path traversal vulnerability in Splunk Enterprise on Windows. The template sends a crafted HTTP GET request to exploit the vulnerability and checks for the presence of sensitive file content (e.g., /etc/passwd) in the response.

The repository contains a functional exploit tool for CVE-2024-36991, a path traversal vulnerability in Splunk Enterprise on Windows. The tool uses asynchronous HTTP requests to detect and exploit the vulnerability by attempting to read the /etc/passwd file via a crafted URL path.

This repository contains a functional Python exploit for CVE-2024-36991, a path traversal vulnerability in Splunk Enterprise on Windows. The exploit automates depth detection and allows interactive selection of files to exfiltrate, targeting sensitive configuration and log files.

The repository contains a functional Python script for CVE-2024-36991, demonstrating SQL injection in Zabbix via the 'groupBy' parameter in the API. The exploit extracts user credentials and other database information by leveraging authenticated API calls.

This repository contains a functional exploit for CVE-2024-36991, a path traversal vulnerability in Splunk Enterprise. The exploit reads sensitive files (e.g., authentication.conf, splunk.secret) by manipulating file paths via directory traversal sequences.