Forum Discussion
Bronze IIITrick or Treat: Manor of Madness
Any hints or close payloads for last task
This should nudge you in the right direction - MongoDB $where operator JavaScript injection - Web Application Vulnerabilities | Invicti
9 Replies
Samh051Sure, the query i used is
$where":"this.name == '' && this.incantation == '';1==1"The aim was to discover you could use JavaScript injection to evaluate the query to true.
immervivesolverSamh051 I tried this query but didn’t worked. I managed to build a query using the resource you shared. Thanks for suggestion.
- PRABAKARANRAMAMURTHY
Hi immervivesolver, can I understand more on the query you build to solve the last question?
Does it use "sleep(5000)"? Can you drop some hints please?
- PRABAKARANRAMAMURTHY
Hi Samh051,
This query worked for you in the last question?
- immervivesolver
{“$where":"this.name == ‘admin’||’1’==‘1’&& this.incantation == ‘admin’||’1’==‘1’“}
PRABAKARANRAMAMURTHY
- Samh051
This should nudge you in the right direction - MongoDB $where operator JavaScript injection - Web Application Vulnerabilities | Invicti
- immervivesolver
i tried, but didn’t worked. Would you mind pasting the payload
