CVE-2021-22911
CRITICAL EXPLOITED NUCLEI
Rocket.Chat 3.11-3.13 - Unauthenticated NoSQL Injection and Remote Code Execution
Title source: llm
Exploitation Summary
CVE-2021-22911 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 15 public exploits from researchers including enox, CsEnox, optionalCTF. A Nuclei detection template is also available.
AI-analyzed exploit summary: This exploit leverages a NoSQL injection vulnerability in Rocket.Chat to reset passwords, bypass authentication, and achieve remote code execution via integration creation. It automates the process of retrieving reset tokens and 2FA secrets to escalate privileges to administrator.
Description
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, potentially resulting in RCE.
Exploits (15)
This exploit leverages a NoSQL injection vulnerability in Rocket.Chat to reset passwords, bypass authentication, and achieve remote code execution via integration creation. It automates the process of retrieving reset tokens and 2FA secrets to escalate privileges to administrator.
This exploit demonstrates a NoSQL injection vulnerability in Rocket.Chat 3.12.1, leading to unauthenticated remote code execution (RCE) by chaining password reset token brute-forcing, privilege escalation via 2FA bypass, and integration-based command execution.
This repository contains a functional exploit for CVE-2021-22911, demonstrating a pre-auth blind NoSQL injection in Rocket.Chat 3.12.1 leading to RCE. The exploit chains account hijacking, privilege escalation via 2FA secret retrieval, and RCE through webhook script execution.
This repository contains a functional exploit for CVE-2021-22911, demonstrating unauthenticated NoSQL injection leading to account takeover and RCE in Rocket.Chat 3.12.1. The exploit automates user creation, password reset token extraction via NoSQLi, and RCE via integration hooks.
This repository contains a functional exploit for CVE-2021-22911, a critical unauthenticated NoSQL injection vulnerability in Rocket.Chat leading to Remote Code Execution (RCE). The exploit chains three phases: password reset for a low-privilege user, admin password reset via blind NoSQL injection, and RCE through a malicious webhook integration.
This repository contains a functional exploit for CVE-2021-22911, which targets a NoSQL injection vulnerability in Rocket.Chat 3.12.1. The exploit chains authentication bypass, TOTP secret leakage, admin account takeover, and remote code execution via a malicious webhook integration.
This repository contains a functional exploit for CVE-2021-22911, targeting Rocket.Chat <= 3.12.1. It leverages a NoSQL injection vulnerability to leak admin TOTP secrets and password reset tokens, then achieves RCE via a malicious webhook integration.
This repository contains a functional exploit for CVE-2021-22911, a NoSQL injection vulnerability in Rocket.Chat. The exploit leverages a `$where` clause to leak password reset tokens via server-side exceptions and then resets the target user's password.
This repository contains a functional exploit for CVE-2021-22911, which leverages NoSQL injection in Rocket.Chat 3.12.1 to achieve unauthenticated remote code execution (RCE). The exploit chain includes password reset token extraction, privilege escalation to admin, and RCE via integration creation.
This repository contains a functional exploit for CVE-2021-22911, a NoSQL injection vulnerability in Rocket.Chat 3.12.1 that leads to unauthenticated RCE. The exploit chains password reset token extraction, authentication bypass, and integration-based command execution.
This repository contains a functional exploit for CVE-2021-22911, which targets Rocket.Chat 3.12.1. The exploit resets the admin password via a NoSQL injection and then achieves RCE by creating a malicious integration with a reverse shell payload.
This repository contains a functional exploit for CVE-2021-22911, demonstrating a pre-auth blind NoSQL injection in Rocket.Chat 3.12.1 leading to RCE. The exploit chains account hijacking, privilege escalation via 2FA secret extraction, and RCE through webhook script execution.
This repository contains a functional Rust exploit for CVE-2021-22911, targeting Rocket.Chat's password reset mechanism to achieve remote code execution (RCE) via webhook manipulation. The exploit automates password reset, token brute-forcing, and command execution through crafted webhooks.
This repository contains a functional exploit for CVE-2021-22911, a NoSQL injection vulnerability in Rocket.Chat 3.12.1 that leads to remote code execution (RCE). The exploit chain involves password reset token leakage, privilege escalation to admin, and RCE via integration creation.
This repository contains a functional exploit for CVE-2021-22911, targeting a password reset vulnerability in Rocket.Chat. The script automates the process of resetting passwords for both user and admin accounts by exploiting a token leakage flaw.
Nuclei Templates (1)
http.title:"Rocket.Chat" || http.title:"rocket.chat"
title="rocket.chat"
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H