Skip to content

Latest commit

 

History

History
28 lines (20 loc) · 1.06 KB

README.md

File metadata and controls

28 lines (20 loc) · 1.06 KB

Apache-Tomcat-MongoDB-Remote-Code-Execution

0x01 Add the following JARs to /lib directory.

mongo-java-driver-3.10.2.jar
mongo-store-3.0.0.jar
Mongo-Tomcat-Sessions.jar

0x02 Modify the configuration file, conf/context.xml then start Tomcat Server and MongoDB Server.

<Valve className="com.dawsonsystems.session.MongoSessionTrackerValve"/>
<Manager className="com.dawsonsystems.session.MongoManager" 
         host="127.0.0.1" 
         port="27017" 
         database="sessions" 
         maxInactiveInterval="84"/>

0x03 Send the request with PoC, when users login again, there is Remote Code Execution.

0x04 start Tomcat Server, when users login the website, their login sessions will be stored in MongoDB Server, as you know, there are so many unauthorized MongoDB Servers on the Internet, just search them by Shodan :)