Hacking Meteor Applications

This article is intended to help you test and enhance the security of your Meteor applications. All snippets are meant to be pasted into the browser's developer console of a running Meteor client.

Meteor information

// Meteor version
Meteor.release;
// Get the public part of settings.json (may contain juicy information)
Meteor.settings;
// Production environment?
Meteor.isProduction;
// Get current user information
Meteor.user();
// Possibly information about other users, if the server publishes more than the current user's document
Meteor.users.find().fetch();
// In the browser console `this` is the global object (window), which holds Meteor's globals and any globally defined collections
this;

Session variables

// List session variables
Session.keys
// Insert/Update variable
Session.set('theVariableName', 'newValue');
// Get value of a specific variable
Session.get('theVariableName');
// Delete variable
delete Session.keys.theVariableName;

Collections

List collections data

// Names of the subscriptions this client currently holds
const subscriptions = _.map(Meteor.connection._subscriptions, sub => sub.name);
console.log('subscriptions:', subscriptions);
// Every published collection has a client-side store keyed by collection name;
// dump each one's locally cached documents (no extra package needed)
_.each(Meteor.connection._stores, (store, name) => {
  console.log(name, store._getCollection().find().fetch());
});

List local collections data

// Run in the browser console, where `this` is window. Client-only collections
// (created with new Mongo.Collection(null)) have no connection, so _connection is null
Object.keys(this).forEach(key => {
  const value = this[key];
  if (value && typeof value === 'object' && value.hasOwnProperty('_collection') && value._connection === null) {
    console.log(key, value.find().fetch());
  }
});

Play with collections

// These writes from the client only succeed if the app still has the `insecure`
// package or permissive allow/deny rules on the collection
TheCollectionName.insert({ key: value, key2: value2 }); // Insert
TheCollectionName.remove({ _id: theEntryId }); // Remove
TheCollectionName.update({ _id: theEntryId }, { $set: { // Update
  key: value,
  key2: value2
} });

Server methods

Use your browser debugger to search the JS sources for 'Meteor.call'. You can then try to call the server methods from your client, with any arguments you like.

An example of a Meteor method that is supposed to add an email
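An added example, not the article's embedded gist: a method that adds an e-mail address, first in an insecure form (it trusts a client-supplied userId and validates nothing) and then in a hardened form (it uses `this.userId` and validates the argument). `Users`, `methods` and `call` are constructed stand-ins for Meteor.users, Meteor.methods and a server-side method invocation so the two variants run without Meteor; a real app would throw `Meteor.Error` and validate with `check` or a schema.

```javascript
// Constructed stand-in for Meteor.users: two accounts with no e-mail yet
const Users = new Map([
  ['alice', { _id: 'alice', emails: [] }],
  ['bob',   { _id: 'bob',   emails: [] }],
]);
// Constructed stand-in for Meteor.methods: method name -> handler
const methods = {};

// Stand-in for a client calling a method: the server runs the handler with
// this.userId set to the logged-in user (null for an anonymous client)
function call(name, userId, ...args) {
  return methods[name].apply({ userId }, args);
}

// Insecure: any client can pass any userId and any value for email
methods['addEmail.insecure'] = function (userId, email) {
  const user = Users.get(userId);
  user.emails.push({ address: email, verified: false });
  return user.emails.length;
};

// Hardened: the caller must be logged in, only their own account is touched,
// and the argument is validated before it is stored
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
methods['addEmail.secure'] = function (email) {
  if (!this.userId) throw new Error('not-authorized');
  if (typeof email !== 'string' || !EMAIL_RE.test(email)) throw new Error('invalid-email');
  const user = Users.get(this.userId);
  if (!user) throw new Error('not-authorized');
  if (user.emails.some(e => e.address === email)) throw new Error('email-exists');
  user.emails.push({ address: email, verified: false });
  return user.emails.length;
};
```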

Templates

List all templates

// Template is a function whose properties are the registered templates
_.each(Template, value => {
  if (value instanceof Blaze.Template) {
    console.log(value.viewName);
  }
});

Render a template

Blaze.render(Template[templateName], document.body);

Get template informations

// Get template events list
Template.TheTemplateName.__eventMaps;
// Display the handler of one event (each array entry maps 'event selector' to a handler)
Template.TheTemplateName.__eventMaps[0]['click .TheSelector'];
// Get template helpers list
Template.TheTemplateName.__helpers;
// Display the helper code
Template.TheTemplateName.__helpers.get('TheHelper');
// Get template creation callback
Template.TheTemplateName._callbacks.created;
// Get template rendering callback
Template.TheTemplateName._callbacks.rendered;
// Get template destruction callback
Template.TheTemplateName._callbacks.destroyed;

Routes

Get routes names and paths

// iron:router
_.each(Router.routes, route => console.log(route.getName(), route.path()));

Enjoy 😏
