Land #2742, report_vuln for MongoDB no auth

2014-03-06 19:34:45 -05:00 · 2014-03-06 19:34:45 -05:00 · ebee365fce
parent ee0aa20955 84f280d74f
commit ebee365fce
1 changed files with 8 additions and 0 deletions
--- a/modules/auxiliary/scanner/mongodb/mongodb_login.rb
+++ b/modules/auxiliary/scanner/mongodb/mongodb_login.rb
@ -46,6 +46,14 @@ class Metasploit3 < Msf::Auxiliary
          do_login(user, pass)
        }
      else
+        report_vuln(
+          :host         => rhost,
+          :port         => rport,
+          :name         => "MongoDB No Authentication",
+          :refs         => self.references,
+          :exploited_at => Time.now.utc,
+          :info         => "Mongo server has no authentication."
+        )
        print_good("Mongo server #{ip.to_s} dosn't use authentication")
      end
      disconnect