mongodb-info-enum: MongoDB Information - Detect

日期: 2025-09-01 | 影响软件: MongoDB | POC: 已公开

漏洞描述

MongoDB build and server information was detected.

PoC代码[已公开]

id: mongodb-info-enum

info:
  name: MongoDB Information - Detect
  author: pussycat0x
  severity: info
  description: |
    MongoDB build and server information was detected.
  reference:
    - https://nmap.org/nsedoc/scripts/mongodb-info.html
  tags: network,mongodb,enum

set:
  hostname: request.url.host
  host: request.url.domain
rules:
  r0:
    request:
      type: tcp
      host: "{{host}}:27017"
      data: "3b0000003c300000ffffffffd40700000000000061646d696e2e24636d640000000000ffffffff14000000106275696c64696e666f000100000000"
      data-type: hex
    expression: response.raw.ibcontains(b'version') && response.raw.ibcontains(b'maxBsonObjectSize')
expression:  r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/fingerprinting/mongodb-info-enum.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

MongoDB 未授权访问漏洞 无POC

MongoDB Server 证书校验绕过漏洞 无POC

Spring Data MongoDB CVE-2022-22980 SpEL表达式注入漏洞 无POC

adminMongo可视化MongoDB管理工具未授权访问漏洞 无POC

MongoDB mongo-express远程代码执行漏洞(CVE-2019-10758) 无POC

MongoDB 未授权访问漏洞无POC

MongoDB Server 证书校验绕过漏洞无POC

Spring Data MongoDB CVE-2022-22980 SpEL表达式注入漏洞无POC

adminMongo可视化MongoDB管理工具未授权访问漏洞无POC