CVE-2021-38295 PoC: Apache CouchDB Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
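Title: Apache CouchDB Cross-Site Scripting Vulnerability (CVE-2021-38295)
Description: Apache CouchDB is a document-oriented database system developed in Erlang by the Apache Software Foundation (USA). Apache CouchDB has a cross-site scripting vulnerability that stems from the application not properly enforcing security restrictions, which allows a remote authenticated user with permission to create documents in a database to attach an HTML attachment to a document. If a CouchDB administrator opens such an attachment, the HTML code is executed in the administrator's browser. The following products and versions are affected: Apache CouchDB 3.0.0, 3.0.1, 3.1.0, 3.1.1.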
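A defensive check for the issue described above, as an added example that is not part of the PoC repository or the original page: it takes the parsed JSON from `GET /` and `GET /{db}/_all_docs?include_docs=true` and reports whether the node runs an affected release and which documents carry attachments stored with a media type a browser renders as active content. The set of active media types and the sample responses are assumptions constructed for illustration.

```python
import json

# Affected releases as listed in the vulnerability description.
AFFECTED_VERSIONS = {"3.0.0", "3.0.1", "3.1.0", "3.1.1"}
# Assumption: media types a browser renders as active content when opened.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}

def is_affected(welcome):
    """welcome: parsed JSON body of GET / on the CouchDB node."""
    return welcome.get("version") in AFFECTED_VERSIONS

def risky_attachments(all_docs):
    """all_docs: parsed JSON of GET /{db}/_all_docs?include_docs=true.
    Returns (doc_id, attachment_name, media_type) for each attachment
    whose stored content type is in ACTIVE_TYPES."""
    findings = []
    for row in all_docs.get("rows", []):
        doc = row.get("doc") or {}  # deleted or attachment-free docs are skipped
        for name, meta in (doc.get("_attachments") or {}).items():
            # Drop parameters such as "; charset=utf-8" and normalise case.
            ctype = meta.get("content_type", "").split(";")[0].strip().lower()
            if ctype in ACTIVE_TYPES:
                findings.append((doc.get("_id"), name, ctype))
    return findings

# Constructed sample responses (not captured from a real server).
SAMPLE_WELCOME = json.loads('{"couchdb": "Welcome", "version": "3.1.1"}')
SAMPLE_ALL_DOCS = json.loads("""
{"total_rows": 3, "offset": 0, "rows": [
 {"id": "invoice-1", "key": "invoice-1", "value": {"rev": "1-a"},
  "doc": {"_id": "invoice-1", "_rev": "1-a", "_attachments": {
    "scan.pdf": {"content_type": "application/pdf", "length": 1024, "stub": true}}}},
 {"id": "note-7", "key": "note-7", "value": {"rev": "2-b"},
  "doc": {"_id": "note-7", "_rev": "2-b", "_attachments": {
    "readme.txt": {"content_type": "text/plain", "length": 12, "stub": true},
    "preview": {"content_type": "Text/HTML; charset=utf-8", "length": 88, "stub": true}}}},
 {"id": "plain", "key": "plain", "value": {"rev": "1-c"},
  "doc": {"_id": "plain", "_rev": "1-c"}}
]}
""")

if __name__ == "__main__":
    print("affected version:", is_affected(SAMPLE_WELCOME))
    for doc_id, name, ctype in risky_attachments(SAMPLE_ALL_DOCS):
        print(f"review {doc_id}/{name} ({ctype})")
```

Flagged attachments are candidates for review, not confirmed malicious content; legitimate applications also store HTML attachments.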
Description
A simple Python proof of concept for CVE-2021-38295.
Readme
# CVE-2021-38295-PoC
A simple Python proof of concept for CVE-2021-38295.

### Related Blog Post
[LINK TO BLOG]

### Usage:

```
Usage: cve-xxxx <host> <db> <user:pass>
```

Simply supply the script with a host, a database that your credentials have access to, and the username:password pair.
If everything works, you'll get a URL which links to the malicious attachment.
File Snapshot

```
[4.0K] /data/pocs/8a77572bb7c55dd76f8cf9bd224b0260b288472e
├── [1.6K] cve2021_38295_poc.py
└── [ 368] README.md

0 directories, 2 files
```