This exploit demonstrates an information disclosure vulnerability in Mongo Web Admin 6.0. It retrieves sensitive connection details (host, port, user, password) via an unauthenticated HTTP request to a local endpoint.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:Mongo Web Admin 6.0
No auth needed
Prerequisites:Access to the local network or host running Mongo Web Admin