diff --git a/modules/vulnerabilities/unix/http/apache_couchdb/manifests/configure.pp b/modules/vulnerabilities/unix/http/apache_couchdb/manifests/configure.pp
index 866e6fe4b..7fd88f804 100644
--- a/modules/vulnerabilities/unix/http/apache_couchdb/manifests/configure.pp
+++ b/modules/vulnerabilities/unix/http/apache_couchdb/manifests/configure.pp
@@ -1,8 +1,8 @@
class apache_couchdb::configure {
$secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
$database = 'couchdb'
- $user = $secgen_parameters['leaked_username'][0]
- $password = $secgen_parameters['leaked_password'][0]
+ $user = $secgen_parameters['unix_username'][0]
+ $password = $secgen_parameters['used_password'][0]
$jsondb = 'sampledata' ##TODO secgen
$strings_to_leak = $secgen_parameters['strings_to_leak']
$leaked_filenames = $secgen_parameters['leaked_filenames']
@@ -10,17 +10,6 @@ class apache_couchdb::configure {
Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }
- #create database
- #exec { 'create-database':
- # command => "curl -X PUT http://localhost:34023/${database} -u \"${username}:${password}\"",
- # logoutput => true
- #}->
- #exec { 'import_data':
- # cwd=> '/usr/bin/',
- # command => "curl -d @${jsondb}.json -H \"Content-type: application/json\" -X POST http://127.0.0.1:34023/${database}/_bulk_docs -u \"${username}:${password}\"",
- # logoutput => true
- #}
-
::secgen_functions::leak_files { 'couchdb-flag-leak':
storage_directory => $user_home,
leaked_filenames => $leaked_filenames,
diff --git a/modules/vulnerabilities/unix/http/apache_couchdb/manifests/couchdb.pp b/modules/vulnerabilities/unix/http/apache_couchdb/manifests/couchdb.pp
index 518d59366..512c4ec59 100644
--- a/modules/vulnerabilities/unix/http/apache_couchdb/manifests/couchdb.pp
+++ b/modules/vulnerabilities/unix/http/apache_couchdb/manifests/couchdb.pp
@@ -1,7 +1,7 @@
class apache_couchdb::couchdb {
$secgen_parameters=secgen_functions::get_parameters($::base64_inputs_file)
- $username = $secgen_parameters['leaked_username'][0]
- $password = $secgen_parameters['leaked_password'][0]
+ $username = $secgen_parameters['unix_username'][0]
+ $password = $secgen_parameters['used_password'][0]
$host ='127.0.0.1'
$docroot = '/opt/couchdb'
$database_dir = '/var/lib/couchdb'
@@ -64,4 +64,3 @@ class apache_couchdb::couchdb {
flags => '-port 1337',
}
}
-
diff --git a/modules/vulnerabilities/unix/http/apache_couchdb/manifests/install.pp b/modules/vulnerabilities/unix/http/apache_couchdb/manifests/install.pp
index 298088377..45d3109c0 100644
--- a/modules/vulnerabilities/unix/http/apache_couchdb/manifests/install.pp
+++ b/modules/vulnerabilities/unix/http/apache_couchdb/manifests/install.pp
@@ -3,7 +3,7 @@ class apache_couchdb::install {
$responsefile = 'installresponse'
$packagename = 'couchdb_3.2.1_buster_amd64'
$jsondb = 'sampledata.json'
- $password = $secgen_parameters['leaked_password'][0]
+ $password = $secgen_parameters['used_password'][0]
Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }
@@ -15,7 +15,7 @@ class apache_couchdb::install {
'libcurl4-openssl-dev',
'gnupg'])
- # copy archive
+ # copy archive
file { "/usr/local/src/${packagename}.deb" :
ensure => file,
source => "puppet:///modules/apache_couchdb/${packagename}.deb",
diff --git a/modules/vulnerabilities/unix/http/apache_couchdb/secgen_metadata.xml b/modules/vulnerabilities/unix/http/apache_couchdb/secgen_metadata.xml
index 597a781ce..fa596d11e 100644
--- a/modules/vulnerabilities/unix/http/apache_couchdb/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/http/apache_couchdb/secgen_metadata.xml
@@ -18,11 +18,9 @@
low
port
- known_username
- known_password
strings_to_leak
- strings_to_preleak
leaked_filenames
+ unix_username
@@ -37,16 +35,15 @@
-
+
couchdb
-
+
-
+
CVE-2022-24706
9
@@ -57,15 +54,26 @@
Apache CouchDB
Apache
-
+
This exploit is based off on 1F98D's Erlang Cookie - Remote Code Execution
update
-
-
\ No newline at end of file
+
+ server-side misconfiguration and vulnerable components
+ Vulnerable defaults
+
+
+ EXPLOITATION
+ EXPLOITATION FRAMEWORKS
+
+
+ CVEs and CWEs
+
+
+ PENETRATION TESTING - SOFTWARE TOOLS
+ PENETRATION TESTING - ACTIVE PENETRATION
+
+