OSCP
Search…
⌃K
OSCP
Search…
⌃K
All About OSCP
OSCP- One Page Repository
About the Author
Basic Linux & Windows Commands
Recon (Scanning & Enumeration)
Web Application
My checklist
File Upload bypass
Enumeration and Exploitation
No-Sql Injection
SQL Injection
Hidden Files and directories
RFI
LFI
Brute Force
Shells
Transferring files
Priv Escalation
Post Exploitation
Pivoting
Buffer Overflow
Main Tools
MISC
CheatSheet (Short)
OSCP/ Vulnhub Practice learning
Powered By GitBook

No-Sql Injection

Login bypass

Basically change the query to this.
{"user":{"$gt": ""},"pass":{"$gt": ""}}
​http://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb.html http://blog.websecurify.com/2014/08/attacks-nodejs-and-mongodb-part-to.html​
Previous
Enumeration and Exploitation
Next
SQL Injection
Last modified 3yr ago
Copy link