Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/pyn3rd/Apache-Tomcat-MongoDB-Remote-Code-Execution
Apache Tomcat + MongoDB Remote Code Execution
https://github.com/pyn3rd/Apache-Tomcat-MongoDB-Remote-Code-Execution
Last synced: 21 days ago
JSON representation
Apache Tomcat + MongoDB Remote Code Execution
- Host: GitHub
- URL: https://github.com/pyn3rd/Apache-Tomcat-MongoDB-Remote-Code-Execution
- Owner: pyn3rd
- Created: 2020-06-04T03:51:17.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2021-01-15T06:42:18.000Z (almost 4 years ago)
- Last Synced: 2024-08-05T17:27:01.744Z (4 months ago)
- Language: Java
- Size: 4.66 MB
- Stars: 115
- Watchers: 3
- Forks: 22
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - pyn3rd/Apache-Tomcat-MongoDB-Remote-Code-Execution - Apache Tomcat + MongoDB Remote Code Execution (Java)
README
# Apache-Tomcat-MongoDB-Remote-Code-Execution
#### 0x01 Add the following JARs to the /lib directory of Tomcat Server.
```
mongo-java-driver-3.10.2.jar
mongo-store-3.0.0.jar
Mongo-Tomcat-Sessions.jar
```
#### 0x02 Modify the configuration file `` conf/context.xml ``,and then append the following configuration,at last start both Tomcat Server and MongoDB Server.
```
```
#### 0x03 Send the request with PoC, when users login the website again, and RCE will happen.
#### 0x04 start Tomcat Server, when users login the website, their login sessions will be stored in MongoDB Server, as you know, there are so many unauthorized MongoDB Servers on the Internet, just search them by Shodan :)
