Forum Discussion
Trick or Treat on Specter Street: Manor of Madness
Not sure what you're trying but you can solve it using SQL injection techniques
I don't want to be too specific and give away too much
- immervivesolver 17 days ago
Bronze II
LewisMutton I tried almost every NoSQL injection payload and no luck.
Do we need to change anything like Auth token or content type??
If you have payload, can you give more hint to solve it
- LewisMutton 12 days ago
Bronze III
Think about closing the string early and appending a boolean expression using OR (||) that includes the keyword name in the query.
I did the same thing, got all the way to the final Q using the same simple injection and then got a bit stuck, but got there in the end!
- ThreatWhisperer 16 days ago
Bronze II
For what it's worth, I managed to get through all but the last task with a very (very) simple NoSQL injection, and always the same one, with no other tricks.
Now I'm stuck on the last task, where all the NoSQL injections I've tried aren't working, and I see also a session cookie involved, but so far I haven't been able to figure out what's needed...
- immervivesolver 16 days ago
Bronze II
Don’t focus on cookies. It's just a trap. I wasted hours on tampering those. Just focus on query.
ThreatWhisperer this query you can try on both fields separately or inject in both fields at a time. It will give a time based. You can try tweaking with true condition
this.name == 'a'; sleep(5000)
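
The time-based behaviour discussed in this thread, shown from the defender's side as an added example that is not part of any post or of the lab's code. It runs the expression quoted above through a simulated per-document JavaScript filter (assumed to behave like MongoDB's `$where`), then passes the same text to a data-only lookup. `evalWhere`, `findByName`, the stubbed `sleep` and the sample documents are all constructed for illustration.

```javascript
// Added example: simulated evaluator and constructed data, not the lab's code.
const users = [{ name: 'alice' }, { name: 'bob' }]; // constructed documents

// Simulates a server-side JavaScript filter: the expression text is run once
// per document with `this` bound to that document. `sleep` is a stub that
// records the requested delay instead of actually waiting.
function evalWhere(docs, expression) {
  let requestedDelayMs = 0;
  const sleep = (ms) => { requestedDelayMs += ms; };
  // Assumption of this simulation: a lone expression is returned as the
  // predicate; text containing ';' is run as a sequence of statements.
  const body = expression.includes(';')
    ? expression
    : 'return (' + expression + ');';
  const predicate = new Function('sleep', body);
  const matched = docs.filter((doc) => Boolean(predicate.call(doc, sleep)));
  return { matched, requestedDelayMs };
}

// Hardened lookup: the request value is only ever compared as data.
// The type check rejects objects and arrays, so a parsed JSON body cannot
// supply anything other than a plain string.
function findByName(docs, name) {
  if (typeof name !== 'string') {
    throw new TypeError('name must be a string');
  }
  return docs.filter((doc) => doc.name === name);
}

// Expression from the thread: the statement after ';' runs for every document,
// which is where the measurable delay comes from.
const fromThread = evalWhere(users, "this.name == 'a'; sleep(5000)");
console.log(fromThread.requestedDelayMs, fromThread.matched.length);

// The same characters passed as a name are just a string that matches nothing.
console.log(findByName(users, "a'; sleep(5000)").length);
```

The mitigation is structural: once the filter is built from typed values instead of concatenated expression text, quotes and semicolons in the request have no meaning to the query engine.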