Forum Discussion
Solved
Trick or Treat: Manor of Madness
Any hints or close payloads for last task
This should nudge you in the right direction - MongoDB $where operator JavaScript injection - Web Application Vulnerabilities | Invicti
Sure, the query i used is
$where":"this.name == '' && this.incantation == '';1==1"The aim was to discover you could use JavaScript injection to evaluate the query to true.
