Forum Discussion
Solved
Trick or Treat: Manor of Madness
Any hints or close payloads for last task
This should nudge you in the right direction - MongoDB $where operator JavaScript injection - Web Application Vulnerabilities | Invicti
Hi Samh051,
This query worked for you in the last question?
{“$where":"this.name == ‘admin’||’1’==‘1’&& this.incantation == ‘admin’||’1’==‘1’“}
PRABAKARANRAMAMURTHY
Thank you immervivesolver.
This worked:
{"$where":"this.name=='admin'||'1==1' && this.incantation =='admin'||'1==1'"}
