PoC details: a4e73bbd04c0ebf2d26135fef80cd6b005f41702

Source
Related vulnerability
Title: MongoDB Server security vulnerability (CVE-2025-6713)
Description: MongoDB Server is an open-source NoSQL database from the US company MongoDB. It provides collection-oriented storage, dynamic queries, data replication and automatic failover. MongoDB Server versions before 8.0.7, before 7.0.20 and before 6.0.22 contain a security vulnerability caused by improper handling of the $mergeCursors stage, which may lead to unauthorised data access.
Description
A crafted aggregation pipeline can access data without proper authorisation, due to improper handling of $mergeCursors in MongoDB >v8.0 <8.0.7, >v7.0 <7.0.19, >v6.0 <6.0.22
Introduction
# CVE-2025-6713

A crafted aggregation pipeline can access data without proper authorisation, due to improper handling of $mergeCursors in MongoDB >v8.0 <8.0.7, >v7.0 <7.0.19, >v6.0 <6.0.22
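The version ranges above are the only thing a defender needs from this page to triage a deployment. The following is an added example, not code from this PoC repository: a small Python helper that parses a MongoDB Server version string and reports whether it falls inside the affected ranges stated on this page. The fixed-version tables, the `is_affected` / `server_version` names and the `buildInfo` lookup via pymongo are this example's own assumptions. Note that the README text gives 7.0.19 as the first fixed 7.0 release while the catalogue description gives 7.0.20; both tables are included so the reader can pick whichever source they trust.

```python
"""Added defender-side helper (not part of the CVE-2025-6713 PoC repository):
check whether a MongoDB Server version string lies in the affected ranges
listed on this page. All names here are this example's own assumptions."""
import re
from typing import Dict, Tuple

# First fixed patch release per branch, as stated in the README text
# (8.0.7, 7.0.19, 6.0.22). The catalogue description on this page gives
# 7.0.20 for the 7.0 branch instead; pass FIXED_VERSIONS_CATALOGUE for that.
FIXED_VERSIONS_README: Dict[Tuple[int, int], int] = {(8, 0): 7, (7, 0): 19, (6, 0): 22}
FIXED_VERSIONS_CATALOGUE: Dict[Tuple[int, int], int] = {(8, 0): 7, (7, 0): 20, (6, 0): 22}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch' from strings such as '7.0.18', 'v8.0.5' or
    '8.0.5-rc1'; a leading 'v' and pre-release suffixes are ignored.
    Raises ValueError for anything that does not start with three numbers."""
    m = _VERSION_RE.match(version.strip().lstrip("v"))
    if not m:
        raise ValueError(f"unrecognised MongoDB version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def is_affected(version: str,
                fixed: Dict[Tuple[int, int], int] = FIXED_VERSIONS_README) -> bool:
    """True when the version is on one of the listed branches and below that
    branch's first fixed patch release. Branches the page does not list
    (for example 5.0.x or 8.1.x) return False: they are simply not covered."""
    major, minor, patch = parse_version(version)
    fixed_patch = fixed.get((major, minor))
    if fixed_patch is None:
        return False
    return patch < fixed_patch


def server_version(uri: str = "mongodb://localhost:27017") -> str:
    """Read the version a live server reports via the buildInfo command.
    Assumes pymongo is installed; it is imported lazily so the pure checks
    above work without it and without any server."""
    from pymongo import MongoClient  # assumption: pymongo is available
    client = MongoClient(uri, serverSelectionTimeoutMS=3000)
    try:
        return client.admin.command("buildInfo")["version"]
    finally:
        client.close()


def report(version: str) -> str:
    """One-line verdict used by the command-line entry point below."""
    if is_affected(version):
        verdict = "AFFECTED (upgrade to the fixed release for this branch)"
    else:
        verdict = "not in the listed affected ranges"
    return f"MongoDB {version}: {verdict}"


if __name__ == "__main__":
    import sys
    # Usage: python3 check_version.py 7.0.18   (or no argument to query localhost)
    target = sys.argv[1] if len(sys.argv) > 1 else server_version()
    print(report(target))
```

Run it with a version string to triage offline (for example one collected from a fleet inventory), or with no argument to query a local server; the pure `is_affected` check is what you would wire into a configuration audit.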



## installation

not very difficult - just use pip3 to install the requirements: `pip3 install -r requirements.txt`



## usage

```bash
python3 CVE-2025-6713.py
```



## tinkering

what to do to test it on your own

1. Lines 4, 5, 6, 7, 9 and 10:
   
   ```python
   mconnect = "mongodb://localhost:27017"
   dbname = ""
   acollection = ""
   rcollection = ""
   
   USERNAME = ""
   PASSWORD = ""
   ```
   
   you can:
   
   - change `mconnect` to your own mongo uri to connect to *your* database
   
   - change `dbname` to your db name (use, modify or fork the repo to have it test more than 1 db)
   
   - change `acollection` to a collection available publicly (accessible)
   
   - change `rcollection` to a collection not available publicly (restricted)
   
   - i think `USERNAME` & `PASSWORD` are common sense

2. Lines 17 & 18 (in `setupTest(db)`, after `[acollection].insert_many([...`):
   
   ```json
   {"name": "pubthing1", "data": "pub stuff"},
   {"name": "pubthing2", "data": "pub stuff"}
   ```
   
   here, the script is just inserting test data into the db (it does NOT have to be anything specific; it can literally be anything)

3. Lines 22 & 23 (in `setupTest(db)`, after `[rcollection].insert_many([...`):
   
   ```json
   {"name": "secret", "stuff": "my national insurance number"},
   {"name": "shhhh", "boo": "location of pringles in my house"}
   ```
   
   this can also be literally anything too. have fun with it.

the rest - don't change it unless you know what you're doing; otherwise you'll just get confused and angry
File snapshot

```
[4.0K] /data/pocs/a4e73bbd04c0ebf2d26135fef80cd6b005f41702
├── [2.1K] CVE-2025-6713.py
├── [1.0K] LICENSE
├── [1.7K] README.md
└── [   8] requirements.txt

0 directories, 4 files
```