CVE-2017-12636 PoC — Apache CouchDB 安全漏洞

Source

https://github.com/XTeam-Wing/CVE-2017-12636

Associated Vulnerability

Title:Apache CouchDB 安全漏洞 (CVE-2017-12636)
Description:Apache CouchDB是美国阿帕奇（Apache）软件基金会的一个免费、开源、面向文档的数据库，是一个使用JSON作为存储格式，JavaScript作为查询语言，MapReduce和HTTP作为API的NoSQL数据库。 Apache CouchDB 1.7.0之前的版本和2.1.1之前的2.x版本中存在安全漏洞。攻击者可利用该漏洞执行任意的shell命令（包括：从公共网络上下载和执行脚本）。

Description

CVE-2017-12636|exploit Couchdb

Readme

# CVE-2017-12636

Usage: python3 exp.py target version(1.6|2.1) reverseip reverseport

```
 _____ _   _ _____       _____  _____  __   ______     __   _____   ____  _____  ____
/  __ \ | | |  ___|     / __  \|  _  |/  | |___  /    /  | / __  \ / ___||____ |/ ___|
| /  \/ | | | |__ ______`' / /'| |/' |`| |    / /_____`| | `' / /'/ /___     / / /___
| |   | | | |  __|______| / /  |  /| | | |   / /______|| |   / /  | ___ \    \ \ ___ \
| \__/\ \_/ / |___      ./ /___\ |_/ /_| |_./ /       _| |_./ /___| \_/ |.___/ / \_/ |
 \____/\___/\____/      \_____/ \___/ \___/\_/        \___/\_____/\_____/\____/\_____/

github@RedTeamWing

[+]Usage: python3 exp.py target version(1.6|2.1) reverseip reverseport
```

change from https://github.com/vulhub/vulhub/blob/master/couchdb/CVE-2017-12636/exp.py

XD:

File Snapshot


 [4.0K]  /data/pocs/85b93da67940ad8a0164620e91257715c2750768
├── [2.3K]  exp.py
└── [ 800]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!