PoC - A Cryptominer in the Couch
Bubble or not, the Bitcoin speculation have made us hear controversial statements from 'distinguished and fancy' people which assert that it will worth a million ---> John McAfee: $1mn by 2020 or I'll eat my D . As one of its consequences, attacks abusing server vulnerabilities for cryptomining are growing with the crypto currencies popularity as well. While taking my daily morning Twitter dose, I found a Trend Micro blog mentioning a couple of security issues of a NoSQL service which have been exploited by some "wannabe but not on my pc" Monero miners. The targeted service was the 'relaxing' Apache CouchDB . CouchDB is an open source database software developed on Erlang which focuses on ease of use by using a NoSQL architecture and JSON objects to store data. Deployed by default on port 5984 , the service allows their users to manage all the databases using Javascript as query language and HTTP as API, providing everything you need ...