Share
## https://sploitus.com/exploit?id=7A010A62-B729-5467-BA55-CE896853436E
# Apache CouchDB 3.2.1 - Remote Code Execution (RCE) CVE-2022-24706
Date: 2022-01-21
Exploit Author: Konstantin Burov, @_sadshade
Software Link: https://couchdb.apache.org/
Version: 3.2.1 and below
Tested on: Kali 2021.2
Based on 1F98D's Erlang Cookie - Remote Code Execution
Shodan: port:4369 "name couchdb at"
CVE: CVE-2022-24706
References:
https://habr.com/ru/post/661195/
https://www.exploit-db.com/exploits/49418
https://insinuator.net/2017/10/erlang-distribution-rce-and-a-cookie-bruteforcer/
https://book.hacktricks.xyz/pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd#erlang-cookie-rce