Threat Actor Sells MongoDB Exploit for $100,000, Claiming New Vulnerability

Threat Actor: Unknown | Unknown
Victim: MongoDB systems | MongoDB
Price: $100,000
Exfiltrated Data Type: Not specified

Additional Information:

  • The threat actor claims to possess a Remote Code Execution (RCE) exploit targeting MongoDB systems.
  • The actor describes the underlying flaw as a zero-day vulnerability within the MongoDB Driver, affecting versions up to 6.2.
  • The threat actor has been developing and refining the exploit since mid-2022.
  • The actor is open to offers and invites interested parties to engage via private message.
  • A live demonstration of the exploit on the actor’s server is offered for verification purposes.
  • According to the actor, executing the exploit requires only a simple POST request to a vulnerable MongoDB host running version 6.2 or lower.
  • The actor states that the vulnerability was unintentionally patched in MongoDB 6.3 and that the fix was not publicly announced.
  • The starting price for consideration is set at $100,000.
  • The threat actor assures coverage of escrow expenses and emphasizes transparency and mutual trust in the transaction process.

In a concerning development, a threat actor has surfaced, claiming to possess a Remote Code Execution (RCE) exploit targeting MongoDB systems. According to the actor’s statement, the underlying vulnerability remains unidentified and is a zero-day within the MongoDB Driver, leaving any site running MongoDB versions up to 6.2 vulnerable. The actor disclosed that they had been developing and refining this exploit since mid-2022 but no longer find it useful. The actor is open to offers, invites interested parties to make contact via private message, and offers a live demonstration of the exploit on their server for verification purposes.

According to the actor, once a vulnerable MongoDB host running version 6.2 or lower is identified, a simple POST request suffices to execute the exploit, making it accessible even to inexperienced users. The threat actor emphasizes that the vulnerability was unintentionally patched in MongoDB 6.3 and that the fix was never publicly announced, heightening the urgency for organizations to address potential vulnerabilities promptly. The actor sets a starting price of $100,000 and offers to cover escrow expenses, emphasizing transparency and mutual trust in the transaction process.

Original Source: https://dailydarkweb.net/threat-actor-offers-mongodb-remote-code-execution-rce-exploit-for-100000-claiming-unidentified-0-day-vulnerability/