Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "MongoDB credential disclosure" module is designed to detect the presence of a MongoDB credentials file used by RoboMongo. RoboMongo is a popular MongoDB management tool that allows users to interact with MongoDB databases. This module focuses on identifying potential misconfigurations or vulnerabilities related to the disclosure of sensitive credentials.
This module has a severity level of high, indicating that the potential impact of a credential disclosure could be significant.
This module was authored by geeknik.
If the MongoDB credentials file is exposed, it could lead to unauthorized access to the database. Attackers could obtain sensitive information such as the database name, username, password, and server host. This could result in data breaches, unauthorized modifications, or even complete data loss.
The "MongoDB credential disclosure" module works by sending HTTP requests to specific paths, such as "/db/robomongo.json" and "/robomongo.json". It then applies matching conditions to determine if a credential disclosure vulnerability exists.
For a successful match, the module checks whether the response headers contain the "application/json" content type. It also verifies whether the response body includes specific keywords such as "databaseName", "userName", "userPassword", and "serverHost". Additionally, the module ensures that the HTTP response status is 200.
Here is an example of an HTTP request sent by the module:
GET /db/robomongo.json
The module evaluates all matching conditions in an "and" logical condition, meaning that all conditions must be met for a vulnerability to be reported.
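The following Python snippet is an added example (not Vidoc's or the module author's code) that mirrors the three matching conditions described above and combines them with the same "and" logic, so a defender can check a captured response from their own deployment offline. The sample responses, header values, and credential strings are constructed placeholders.

```python
from dataclasses import dataclass, field

# Keywords and probe paths exactly as the module description lists them.
REQUIRED_KEYWORDS = ("databaseName", "userName", "userPassword", "serverHost")
PATHS = ("/db/robomongo.json", "/robomongo.json")


@dataclass
class HttpResponse:
    """Minimal captured response; constructed for the example, not a live request."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def _header(resp: HttpResponse, name: str) -> str:
    # HTTP header names are case-insensitive, so compare them lowercased.
    for key, value in resp.headers.items():
        if key.lower() == name.lower():
            return value
    return ""


def matches_credential_disclosure(resp: HttpResponse) -> bool:
    """Return True only when every condition in the module's 'and' group holds."""
    status_ok = resp.status == 200
    content_type_ok = "application/json" in _header(resp, "Content-Type").lower()
    body_ok = all(word in resp.body for word in REQUIRED_KEYWORDS)
    return status_ok and content_type_ok and body_ok


# Constructed sample responses (placeholder values, not real credentials).
EXPOSED = HttpResponse(
    200,
    {"content-type": "application/json; charset=utf-8"},
    '{"connections":[{"serverHost":"db.example.internal","databaseName":"app",'
    '"userName":"placeholder_user","userPassword":"placeholder_pass"}]}',
)
# Same body served as HTML (for example a page echoing the request): no match.
WRONG_TYPE = HttpResponse(200, {"Content-Type": "text/html"}, EXPOSED.body)
# JSON error page mentioning two keywords but returning 404: no match.
NOT_FOUND = HttpResponse(404, {"Content-Type": "application/json"},
                         '{"error":"databaseName/userName not found"}')

if __name__ == "__main__":
    for name, resp in (("exposed", EXPOSED), ("wrong_type", WRONG_TYPE),
                       ("not_found", NOT_FOUND)):
        print(f"{name}: {matches_credential_disclosure(resp)}")
```

Only the first sample satisfies all three conditions; the other two show how the "and" grouping suppresses partial matches that a keyword-only check would report.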
If a vulnerability is detected, the module will report it as a MongoDB credential disclosure, indicating the potential risk to the system.