Description
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/linux/http/apache_couchdb_cmd_execmsf undefined(apache_couchdb_cmd_exec) > show actions ...actions...msf undefined(apache_couchdb_cmd_exec) > set ACTION < action-name >msf undefined(apache_couchdb_cmd_exec) > show options ...show and set options...msf undefined(apache_couchdb_cmd_exec) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub