Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-22911 PoC — Rocket.Chat 安全漏洞

Source
https://github.com/optionalCTF/Rocket.Chat-Automated-Account-Takeover-RCE-CVE-2021-22911
Associated Vulnerability
Title:Rocket.Chat 安全漏洞 (CVE-2021-22911)
Description:A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
Description
Full unauthenticated RCE proof of concept for Rocket.Chat 3.12.1 CVE-2021-22911
Readme
# Rocket.Chat Automated Unauthenticated Account Takeover to RCE (CVE-2021-22911)
Full unauthenticated RCE proof of concept for Rocket.Chat 3.12.1 CVE-2021-22911

The original PoC created by Enox.


Currently this only works for accounts without 2FA. I will be adding 2FA bypasses shortly
---
### Created by optional
- [optional's Twitter](https://twitter.com/optionalctf)
File Snapshot

 [4.0K]  /data/pocs/a924e6d59c7c97efe04084693f2203b685f6e55d
├── [7.8K]  exploit.py
├── [ 372]  README.md
└── [  18]  requirements.txt

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →