Techniques
Sample rules
Splunk XSS in Save table dialog header in search page
- source: splunk
- technicques:
- T1189
Description
This is a hunting search to find persistent cross-site scripting XSS code that was included while inputing data in ‘Save Table’ dialog in Splunk Enterprise (8.1.12,8.2.9,9.0.2). A remote user with “power” Splunk role can store this code that can lead to persistent cross site scripting.
Detection logic
`splunkd_webx` method=POST uri=/en-US/splunkd/__raw/servicesNS/nobody/search/datamodel/model
| table _time host status clientip user uri
| `splunk_xss_in_save_table_dialog_header_in_search_page_filter`