Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Julia

Zig

Swift

Go

Kotlin

C++

Lua

Scala

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Scala

C#

Erlang

PHP

Kotlin

Elm

Lua

Dart

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇮🇱 Israel

🇰🇵 North Korea

🇪🇷 Eritrea

🇧🇼 Botswana

🇶🇦 Qatar

🇦🇹 Austria

🇱🇰 Sri Lanka

🇻🇬 British Virgin Islands

All Countries Compare Countries

pyn3rd/Apache-Tomcat-MongoDB-Remote-Code-Execution

Stars
114
Rank 308,031 (Top 7 %)
Language
Java
Created over 4 years ago
Updated almost 4 years ago

pyn3rd

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Apache Tomcat + MongoDB Remote Code Execution

Apache-Tomcat-MongoDB-Remote-Code-Execution

0x01 Add the following JARs to the /lib directory of Tomcat Server.

mongo-java-driver-3.10.2.jar
mongo-store-3.0.0.jar
Mongo-Tomcat-Sessions.jar

0x02 Modify the configuration file `conf/context.xml`,and then append the following configuration,at last start both Tomcat Server and MongoDB Server.

<Valve className="com.dawsonsystems.session.MongoSessionTrackerValve"/>
<Manager className="com.dawsonsystems.session.MongoManager" 
         host="127.0.0.1" 
         port="27017" 
         database="sessions" 
         maxInactiveInterval="84"/>

0x03 Send the request with PoC, when users login the website again, and RCE will happen.

0x04 start Tomcat Server, when users login the website, their login sessions will be stored in MongoDB Server, as you know, there are so many unauthorized MongoDB Servers on the Internet, just search them by Shodan :)

Spring-Boot-Vulnerability

351

CVE-2019-0232

Apache Tomcat Remote Code Execution on Windows

CVE-2018-3245

CVE-2018-2893

my-presentation-slide

101

CVE-2018-3252

CVE-2018-3252-PoC

Java

CVE-2019-2618

Weblogic Unrestricted File Upload

CVE-2019-3396

Confluence Widget Connector RCE

Apache-Tomcat-Redis-Remote-Code-Execution

Java

pyn3rd.github.io

HTML

HSTS-SuperCookies

HTML

pyn3rd/Apache-Tomcat-MongoDB-Remote-Code-Execution

pyn3rd

Reviews

Repository Details

Apache-Tomcat-MongoDB-Remote-Code-Execution

0x01 Add the following JARs to the /lib directory of Tomcat Server.

0x02 Modify the configuration file `conf/context.xml`,and then append the following configuration,at last start both Tomcat Server and MongoDB Server.

0x03 Send the request with PoC, when users login the website again, and RCE will happen.

0x04 start Tomcat Server, when users login the website, their login sessions will be stored in MongoDB Server, as you know, there are so many unauthorized MongoDB Servers on the Internet, just search them by Shodan :)

More Repositories

pyn3rd/Apache-Tomcat-MongoDB-Remote-Code-Execution

pyn3rd

Reviews

Repository Details

Apache-Tomcat-MongoDB-Remote-Code-Execution

0x01 Add the following JARs to the /lib directory of Tomcat Server.

0x02 Modify the configuration file conf/context.xml,and then append the following configuration,at last start both Tomcat Server and MongoDB Server.

0x03 Send the request with PoC, when users login the website again, and RCE will happen.

0x04 start Tomcat Server, when users login the website, their login sessions will be stored in MongoDB Server, as you know, there are so many unauthorized MongoDB Servers on the Internet, just search them by Shodan :)

More Repositories

0x02 Modify the configuration file `conf/context.xml`,and then append the following configuration,at last start both Tomcat Server and MongoDB Server.