mongod-exposure: MongoD Server - Exposure

漏洞描述

PoC代码[已公开]

id: mongod-exposure

info:
  name: MongoD Server - Exposure
  author: DhiyaneshDk
  severity: low
  classification:
    cpe: cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: mongodb
    product: mongodb
    shodan-query: html:"mongod"
  tags: mongod,exposure,info-leak,vuln

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>mongod"
          - "List all commands"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a004630440220762d5bc924638b31192e350ee270a633ec9a52b480cd32bec13cf6a8ad2d0cec022005d685d507c2373eae746baa49736b462c186ec7fccb0e3d627f3a3daa0faebb:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• 西软云XMS /FoxhisFileServer/action 文件读取漏洞
• 九思OA /jsoa/OfficeServer 文件上传漏洞
• N-central /dms/services/ServerMMS XML 外部实体注入漏洞（CVE-2025-11700）
• POC CVE-2025-49706: Microsoft SharePoint Server - Authentication Bypass
• POC wp-security-hidden-login-exposure: WordPress All-in-One Security <=4.4.1 - Hidden Login Page Exposure
• POC CVE-2025-11749: WordPress AI Engine Plugin - Token Exposure
• POC CVE-2025-51991: XWiki <= 17.3.0 - Server-Side Template Injection (SSTI)
• 亿赛通电子文档安全管理系统 /CDGServer3/dwr/call/plaincall/JLockSeniorDao.findByLockName.dwr SQL 注入漏洞
• POC cockroachdb-unauth-exposure: CockroachDB Unauthenticated Console Exposure
• POC CVE-2025-55190: ArgoCD Project API Token Repository Credentials Exposure
• POC CVE-2025-9985: Featured Image from URL (FIFU) <= 5.2.7 - Unauthenticated Information Exposure via Log File
• POC churchcrm-installer: ChurchCRM - Setup Exposure
• POC bentoml-ssrf: Bentoml - Server Side Request Forgery