漏洞描述
开启MongoDB服务时不添加任何参数时,默认是没有权限验证的,任意攻击者都可以通过默认端口无需密码对数据库任意操作(增、删、改、查高危动作)而且可以远程访问数据库。导致泄露Mongodb中的数据库信息。
MongoDB-未授权访问漏洞
PoC代码
暂无相关漏洞推荐
- POC ec2-unrestricted-mongodb: Unrestricted MongoDB Access in EC2
- POC azure-nsg-mongodb-unrestricted: Unrestricted MongoDB Access in Azure NSGs
- POC file-mongodb-audit-log-disabled: MongoDB Audit Logging Disabled
- POC file-mongodb-auth-disabled: MongoDB Authentication Disabled
- POC file-mongodb-http-interface-enabled: MongoDB HTTP Interface Enabled
- POC file-mongodb-ssl-disabled: MongoDB SSL Disabled
- POC mongod-exposure: MongoD Server - Exposure
- POC mongodb-exporter-metrics: MongoDB Exporter - Detect
- POC mongodb-unauth: MongoDB - Unauthenticated Access
- POC mongodb-info-enum: MongoDB Information - Detect
- POC mongodb-ops-manager: MongoDB Ops Manager
- MongoDB 未授权访问漏洞
- MongoDB Server 证书校验绕过漏洞