MongoDB management tool exposed to remote code execution vulnerability - Vulnerability warning - the black bar safety net

ID MYHACK58:62201560079
Type myhack58
Reporter Anonymous
Modified 2015-03-19T00:00:00


MongoDB is one of the mainstream NoSQL platforms in the IT sector and a popular alternative to table-based relational databases. Recently phpMoAdmin, a GUI tool for managing MongoDB, was found to contain a very serious security vulnerability which, once exploited, allows an attacker to execute commands on the server.

phpMoAdmin is written in PHP and is similar to the MySQL database management tool phpMyAdmin: it lets web developers and administrators perform a variety of database operations through a GUI. However, whereas phpMyAdmin has a strong development community behind it (given its relationship with MySQL), phpMoAdmin has not been updated in more than two years.

Recently, researchers found a serious vulnerability hidden in the phpMoAdmin code. As noted above, if the vulnerability is exploited, the attacker can execute commands on the server. The vulnerability was disclosed earlier this month, and some administrators have already begun reporting exploitation attacks.

It is unclear whether the phpMoAdmin development team has noticed the vulnerability in the code. Criminals, however, were already selling this vulnerability in the week before the relevant Metasploit framework module was released.

The core of the vulnerability is the script's use of the eval() function on a GET request parameter:

eval('$find = ' . $_GET['find'] . ';');

In this case the vulnerability is triggered through the listRows action, with the injected PHP code carried in the find parameter:

> http://localhost/phpmoadmin/moadmin.php?action=listRows&collection=0&find=array();system(%27whoami%27);exit;
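Because the vulnerable eval() runs whatever follows the find parameter, a defender can spot exploitation attempts in web-server logs by checking that find is nothing more than a plain PHP array literal. The following Python is an added example, not code from the article or the phpMoAdmin project; the log lines, IP addresses and timestamps are constructed, and the allow-list regex is an assumption about what legitimate phpMoAdmin filters look like.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines (Apache combined format), not real traffic.
# Line 2 mirrors the payload shape in the article: array() closed early, then PHP code.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2015:10:01:02 +0000] "GET /phpmoadmin/moadmin.php?action=listRows&collection=users&find=array(%27name%27%3D%3E%27bob%27) HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2015:10:01:07 +0000] "GET /phpmoadmin/moadmin.php?action=listRows&collection=0&find=array();system(%27id%27);exit; HTTP/1.1" 200 311 "-" "curl/7.38.0"
10.0.0.5 - - [12/Mar/2015:10:01:09 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) ')

# Allow-list (assumed) for a legitimate find value: a PHP array literal whose elements
# are quoted strings or numbers, optionally as key => value pairs, and nothing after ")".
SCALAR = r"(?:'[^'\\]*'|\"[^\"\\]*\"|-?\d+(?:\.\d+)?)"
PAIR = rf"{SCALAR}(?:\s*=>\s*{SCALAR})?"
SAFE_FIND_RE = re.compile(rf"^\s*array\(\s*(?:{PAIR}(?:\s*,\s*{PAIR})*\s*,?)?\s*\)\s*$")

def is_suspicious_find(value):
    """True when the decoded find value is anything other than a plain array literal."""
    return SAFE_FIND_RE.match(value) is None

def query_params(query):
    """Split a query string on '&' only. The payload contains ';', which some query
    parsers also treat as a separator; that would hide everything after array()."""
    params = {}
    for part in query.split("&"):
        if not part:
            continue
        key, _, val = part.partition("=")
        params.setdefault(unquote_plus(key), []).append(unquote_plus(val))
    return params

def scan_log(text):
    """Return one record per moadmin.php request whose find value is suspicious."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("url"))
        if not url.path.endswith("/moadmin.php"):
            continue
        for find in query_params(url.query).get("find", []):
            if is_suspicious_find(find):
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"), "find": find})
    return hits
```

Running scan_log(SAMPLE_LOG) flags only the second line; the first carries an ordinary filter and the third never touches moadmin.php.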

A botnet controlled from a hosting center on the network is targeting this vulnerability, attempting to use it to spread an IRC bot written in the Perl scripting language. The way this script spreads is similar to the Shellshock vulnerability incident the CSO website reported on last year.

Users of phpMoAdmin are best advised to switch to another GUI tool; there are currently many such tools, such as RockMongo, MongoVUE, Mongo-Express and UMongo. Those who do not want to switch should at the very least strictly restrict access to phpMoAdmin.

The phpMoAdmin project is currently stagnant and may have been abandoned, which makes the security risk associated with its open-source code even more prominent. If nobody maintains it, the vulnerability will remain unpatched.

Last month, after a German research team found approximately 4 million exposed MongoDB instances, the MongoDB team published a post listing some basic security measures. Given the current developments, it is recommended to read that post carefully, along with the MongoDB security manual.