Forum Discussion
Trick or Treat on Specter Street: Manor of Madness
- 16 days ago
For what it's worth, I managed to get through all but the last task with a very (very) simple NoSQL injection, and always the same one, with no other tricks.
Now I'm stuck on the last task, where all the NoSQL injections I've tried aren't working, and I see also a session cookie involved, but so far I haven't been able to figure out what's needed...
Don’t focus on cookies. It’s just a trap. I wasted hours on tampering those. Just focus on query.
ThreatWhisperer
This query you can try on both fields separately or inject in both fields at a time. It will give a time based. You can try tweaking with true condition
this.name == 'a'; sleep(5000)
- ThreatWhisperer 15 days ago
Bronze II
Thanks, I kind of understand, but I'm struggling too much...
The other steps were very basic injections, but this one is too complex for me, without real NoSQL and NoSQL injection knowledge. I tried many combinations and got lots of 5000 internal server errors, some bad requests, and a few times I was seeing the delay in Burp, but then I was getting the error message like in the web page.
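For the defensive side of the time-based injection discussed in this thread, here is an added example that is not part of any post above. It shows the string-built server-side predicate next to a typed equality filter, plus a simple logging check. It assumes a MongoDB-style backend; the field names, the length limit and the function names are hypothetical.

```javascript
// Added example; field names and limits below are assumptions, not from the thread.
const FIELDS = ["name", "code"]; // hypothetical names for the two form fields

// Vulnerable pattern: input is concatenated into a server-side JavaScript
// predicate, so a quote followed by ";" lets the value add its own statement.
function buildWhereUnsafe(name) {
  return { $where: "this.name == '" + name + "'" };
}

// Hardened pattern: only plain, bounded strings are accepted and each becomes
// an $eq comparison. No $where is used and object values are refused, so the
// input is always treated as data.
function buildFilterSafe(body) {
  const filter = {};
  for (const field of FIELDS) {
    const value = body[field];
    if (typeof value !== "string" || value.length === 0 || value.length > 128) {
      throw new TypeError("invalid value for " + field);
    }
    filter[field] = { $eq: value };
  }
  return filter;
}

// Logging aid: flag values shaped like operator objects or injected script.
function looksLikeInjection(value) {
  if (value !== null && typeof value === "object") {
    return Object.keys(value).some((key) => key.startsWith("$"));
  }
  if (typeof value !== "string") return false;
  return /['"]\s*;|\bsleep\s*\(|\bthis\.\w+/.test(value);
}

// Constructed sample inputs; the second reuses the string quoted in the thread.
const samples = [
  { name: "alice", code: "1234" },
  { name: "this.name == 'a'; sleep(5000)", code: "1234" },
  { name: { $ne: null }, code: "1234" },
];
for (const body of samples) {
  const flagged = FIELDS.some((f) => looksLikeInjection(body[f]));
  let result;
  try { result = JSON.stringify(buildFilterSafe(body)); }
  catch (err) { result = "rejected: " + err.message; }
  console.log(flagged ? "FLAG" : "ok  ", result);
}
```

On a MongoDB deployment that does not need server-side JavaScript, setting `security.javascriptEnabled: false` in the mongod configuration removes `$where` evaluation entirely.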