Blind noSQL injection case study lab based on CVE-2018-3783 (privilege escalation on flintcms 1.1.9).
The vulnerability was originally discovered by Benoit Côté-Jodoin. You can read original report on HackerOne.
docker-compose
Limitation: We removed sendEmail
function so that the server cannot send an email. However, it can still generate a token when password is reset.
- The environment variables are in
docker-compose.yml
you can change database's credential here. - Run
docker-compose up
, wait until the containers are built and running properly. - Go to
localhost:4000
you should see a welcome page. Then visitlocalhost:4000/admin/install
, enter fake email username and password. - Let's hack!
Don't forget to run docker-compose down
once finished hacking.
Coming soon.