NoSQL Injections in Rocket.Chat 3.12.1: How A Small Leak Groun | PT SWARM

NoSQL Injections in Rocket.Chat 3.12.1: How A Small Leak Grounds A Rocket by Paul Gerste

Remote code execution (RCE) on Rocket.Chat servers via MongoDB NoSQL injection. A valid account is required.

Contents:
• Impact
• Technical Details
• MongoDB Injection Primer
• NoSQL Injection #1: Taking Over a Regular User
• NoSQL Injection #2: Elevating Privileges
• From Admin to Remote Code Execution
• Mitigation
• Timeline
• Summary

https://blog.sonarsource.com/nosql-injections-in-rocket-chat/