couchdb-admin-party: CouchDB Admin Party

日期: 2025-09-01 | 影响软件: couchdb-admin-party | POC: 已公开

漏洞描述

Requests made against CouchDB are done in the context of an admin user.

PoC代码[已公开]

id: couchdb-admin-party

info:
  name: CouchDB Admin Party
  author: organiccrap
  severity: high
  verified: false
  description: Requests made against CouchDB are done in the context of an admin user.

rules:
    r0:
        request:
            method: GET
            path: /_users/_all_docs
        expression: response.body.bcontains(b'total_rows') && response.body.bcontains(b'offset') && response.headers["server"].icontains("CouchDB/")
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/couchdb-admin-party.yaml

相关漏洞推荐