Shulou(Shulou.com)06/01 Report--

Vulnerability principle:

Apache CouchDB is an open source database that focuses on ease of use and being a "database that fully embraces web". It is a NoSQL database that uses JSON as the storage format, JavaScript as the query language, MapReduce and HTTP as the API. There are a wide range of applications, such as BBC used in its dynamic content presentation platform, Credit Suisse used in its internal merchandise department's market framework, Meebo, used in its social platform (web and applications).

On November 15, 2017, CVE-2017-12635 and CVE-2017-12636 disclosed that CVE-2017-12635 is due to differences in sentence execution due to differences in the way Erlang and JavaScript parse JSON. This vulnerability allows any user to create an administrator, belonging to a vertical privilege bypass vulnerability.

Recurrence of vulnerabilities:

The content after the package is sent.

The limit can be bypassed by sending a packet with two roles fields at a time.

An administrator is created successfully, and the account password is vulhub.

Visit http://your-ip:5984/_utils/ again and enter the account password nnn to log in successfully:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.