# nosqli-flintcms
Blind noSQL injection case study lab based on CVE-2018-3783 (privilege escalation on flintcms 1.1.9).
The vulnerability was originally discovered by Benoit Côté-Jodoin. You can read the original report on [HackerOne](https://hackerone.com/reports/386807).
## Prerequisites
```
docker-compose
```
**Limitation**: We removed the `sendEmail` function so that the server cannot send an email. However, it still generates a token when a password is reset.
## Lab Setup
1. The environment variables are in `docker-compose.yml`; you can change the database credentials there.
2. Run `docker-compose up`, wait until the containers are built and running properly.
3. Go to `localhost:4000`; you should see a welcome page. Then visit `localhost:4000/admin/install` and enter a fake email, username and password.
4. Let's hack!
Don't forget to run `docker-compose down` once you have finished hacking.
## How it works
Coming soon.