Posted by Gregory Sloop on Oct 03

So, while I’ve not attempted to reproduce the “exploit”* POC below, I have some observations/questions.

The exploit, if I’m reading things correctly depends on MongoDB being configured to accept remote database connections.
Yet, at least on Ubuntu [the vendor recommended Linux distro], it’s only configured to accept connections from
127.0.0.1. [bind_ip = 127.0.0.1]

So, it’s not a remote exploit – in at least…