immervivesolver
22 days ago
Solved

Trick or Treat on Specter Street: Manor of Madness

Any hints for the Manor of Madness last task? I have been trying for hours and got stuck at the last task.

  • immervivesolver
    16 days ago

    Don’t focus on cookies. It's just a trap. I wasted hours on tampering with those. Just focus on the query.
    ThreatWhisperer​ 

    You can try this query on both fields separately, or inject it in both fields at a time. It will give a time based. You can try tweaking it with a true condition.

    this.name == 'a'; sleep(5000)

8 Replies

  • Not sure what you're trying but you can solve it using SQL injection techniques

    I don't want to be too specific and give away too much 

    • immervivesolver
      Bronze II

      LewisMutton​ I tried almost every NoSQL injection payload and no luck.
      Do we need to change anything like Auth token or content type??
      If you have a payload, can you give more hints to solve it?

       

      • LewisMutton
        Bronze III

        Think about closing the string early and appending a boolean expression using OR (||) that includes the keyword name in the query.
        I did the same thing, got all the way to the final Q using the same simple injection and then got a bit stuck, but got there in the end!
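
Added example, not part of any post in this thread: the defender's view of why a query like the one discussed above is injectable, and a hardened form beside it. It assumes the backend evaluates a MongoDB-style `$where` predicate string; the sample documents and all function names are hypothetical.

```javascript
// Constructed sample documents; collection and field names are assumptions.
const users = [
  { name: 'alice', role: 'admin' },
  { name: 'bob', role: 'user' },
];

// Vulnerable pattern: input is spliced into a JavaScript predicate string
// (the shape a MongoDB-style $where clause takes). A quote in the input ends
// the string literal early and everything after it is treated as code.
function buildWherePredicate(name) {
  return "this.name == '" + name + "'";
}

// Hardened pattern: the input stays data. Only a bounded string is accepted
// and it is compared with an equality operator, never evaluated.
function buildEqualityFilter(name) {
  if (typeof name !== 'string') throw new TypeError('name must be a string');
  if (name.length === 0 || name.length > 64) throw new RangeError('bad length');
  return { name: { $eq: name } };
}

// In-memory stand-in for the database's equality match.
function findByFilter(filter, docs) {
  return docs.filter((d) => d.name === filter.name.$eq);
}

// Detection heuristic for request logs: characters and tokens that would
// change the structure of a predicate string rather than its value.
function altersPredicate(name) {
  return typeof name !== 'string' ||
    /['"`\\;]|\|\||&&|\bsleep\s*\(/i.test(name);
}

function demo() {
  // Input derived from the query quoted in the thread, used here as test data.
  const hostile = "a'; sleep(5000)";
  return {
    predicate: buildWherePredicate(hostile),   // structure is altered
    flagged: altersPredicate(hostile),         // heuristic catches it
    safeMatches: findByFilter(buildEqualityFilter(hostile), users).length,
    benignMatches: findByFilter(buildEqualityFilter('alice'), users).length,
  };
}
console.log(demo());
```

With the equality filter the same input is only ever compared as a literal name, so it matches no document and nothing is executed.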