nuclei-templates/vulnerabilities/other/couchdb-adminparty.yaml

29 lines
560 B
YAML

id: couchdb-adminparty
info:
name: CouchDB Admin Party
author: organiccrap
severity: high
description: Requests made against CouchDB are done in the context of an admin user.
tags: couchdb
requests:
- method: GET
path:
- '{{BaseURL}}/_users/_all_docs'
matchers-condition: and
matchers:
- type: word
words:
- CouchDB/
- Erlang OTP/
part: header
condition: and
- type: word
words:
- total_rows
- offset
part: body
condition: and