CVE-2021-38295 PoC — Privilege escalation vulnerability when using HTML attachments

Associated Vulnerability
Title: Privilege escalation vulnerability when using HTML attachments (CVE-2021-38295)
Description: In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2.
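
A defender-side check for the issue described above, as an added example (not part of the PoC repository or of CouchDB): it compares the version from CouchDB's `GET /` welcome response with 3.1.2 and lists HTML attachments found in a `GET /<db>/_all_docs?include_docs=true` response. The function names, the set of flagged content types and the sample JSON are constructed for illustration.

```python
import json

# Content types a browser renders as active HTML (assumption: extend as needed).
ACTIVE_TYPES = {"text/html", "application/xhtml+xml"}
FIXED_IN = (3, 1, 2)  # first unaffected release, per the description above


def is_affected(welcome: dict) -> bool:
    """True if the version in CouchDB's `GET /` welcome JSON is older than 3.1.2."""
    parts = welcome["version"].split("-")[0].split(".")
    return tuple(int(p) for p in parts[:3]) < FIXED_IN


def find_html_attachments(all_docs: dict) -> list:
    """Return (doc_id, attachment_name, content_type) for each HTML attachment.

    Expects the JSON body of `GET /<db>/_all_docs?include_docs=true`.
    """
    hits = []
    for row in all_docs.get("rows", []):
        doc = row.get("doc") or {}  # tolerate rows whose doc is null
        for name, meta in doc.get("_attachments", {}).items():
            # Drop parameters such as "; charset=utf-8" and normalise case.
            ctype = meta.get("content_type", "").split(";")[0].strip().lower()
            if ctype in ACTIVE_TYPES:
                hits.append((row["id"], name, ctype))
    return hits


# Constructed sample responses (not taken from a real server).
SAMPLE_WELCOME = json.loads('{"couchdb": "Welcome", "version": "3.1.1"}')
SAMPLE_ALL_DOCS = json.loads("""
{"total_rows": 3, "offset": 0, "rows": [
  {"id": "invoice-1", "key": "invoice-1", "value": {"rev": "1-a"},
   "doc": {"_id": "invoice-1", "_rev": "1-a", "_attachments": {
     "scan.png": {"content_type": "image/png", "stub": true, "length": 10}}}},
  {"id": "note-7", "key": "note-7", "value": {"rev": "2-b"},
   "doc": {"_id": "note-7", "_rev": "2-b", "_attachments": {
     "readme.html": {"content_type": "Text/HTML; charset=utf-8", "stub": true, "length": 42}}}},
  {"id": "gone", "key": "gone", "value": {"rev": "3-c", "deleted": true}, "doc": null}
]}
""")

if __name__ == "__main__":
    print("affected version:", is_affected(SAMPLE_WELCOME))
    for hit in find_html_attachments(SAMPLE_ALL_DOCS):
        print("review attachment:", hit)
```
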
Description
A simple Python proof of concept for CVE-2021-38295.
Readme
# CVE-2021-38295-PoC
A simple Python proof of concept for CVE-2021-38295.

### Related Blog Post
[LINK TO BLOG]

### Usage:

```
Usage: cve-xxxx <host> <db> <user:pass>
```

Supply the script with a host, a database that your credentials have access to, and the username:password pair.
If everything works, you'll get a URL which links to the malicious attachment.
File Snapshot

```
[4.0K] /data/pocs/8a77572bb7c55dd76f8cf9bd224b0260b288472e
├── [1.6K] cve2021_38295_poc.py
└── [ 368] README.md

0 directories, 2 files
```