siunam's Website


Responsive

Overview

In this challenge, we can spawn a Docker instance:

Find the flag

Home page:

We’re prompted with a login page!

We can try to guess the username and password:

Hmm… No luck.

If you look carefully at the header, it reads No Login, yet the page is a login prompt.

This got me thinking: Is this about NoSQL injection authentication bypass??

According to this blog, we can bypass it via [$ne]:

Let’s fire up Burp Suite and capture the POST request!

Modify the POST value and forward the request:

We’re in!
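Why the [$ne] change works and how the server side stops it, as an added example that is not part of the original writeup or the challenge's code. It assumes a Node.js backend whose body parser expands bracket keys into objects and passes them into a MongoDB-style filter; parseBody, matches, the two login functions and the user record are constructed stand-ins.

```javascript
// Constructed user record standing in for a MongoDB collection.
// Plaintext password only to keep the demo short; real stores hold a hash.
const USERS = [{ username: "admin", password: "s3cret-constructed" }];

// Parse an urlencoded body the way bracket-aware parsers do:
// "a[b]=c" becomes { a: { b: "c" } }. Null-prototype objects avoid
// prototype pollution through keys such as "__proto__".
function parseBody(raw) {
  const out = Object.create(null);
  for (const [key, value] of new URLSearchParams(raw)) {
    const m = /^([^\[\]]+)\[([^\[\]]+)\]$/.exec(key);
    if (!m) { out[key] = value; continue; }
    if (typeof out[m[1]] !== "object") out[m[1]] = Object.create(null);
    out[m[1]][m[2]] = value;
  }
  return out;
}

// Minimal stand-in for MongoDB matching: a plain value means equality,
// { $ne: v } means "field is not equal to v". Only what this demo needs.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) =>
    cond !== null && typeof cond === "object" && "$ne" in cond
      ? doc[field] !== cond.$ne
      : doc[field] === cond);
}

// Vulnerable: request fields go straight into the query filter, so an
// object such as { $ne: "x" } is evaluated as an operator, not as data.
function loginVulnerable(body) {
  const { username, password } = body;
  return USERS.find((u) => matches(u, { username, password })) || null;
}

// Hardened: credentials must be strings before they reach the filter,
// so operator objects are rejected at the boundary.
function loginHardened(body) {
  const { username, password } = body;
  if (typeof username !== "string" || typeof password !== "string") return null;
  return USERS.find((u) => matches(u, { username, password })) || null;
}

const guess = parseBody("username=admin&password=admin");
const operators = parseBody("username[$ne]=x&password[$ne]=x");
console.log("guess, vulnerable:", loginVulnerable(guess));
console.log("[$ne], vulnerable:", loginVulnerable(operators));
console.log("[$ne], hardened:  ", loginHardened(operators));
```

The type check is the fix that matters here: once both fields are required to be strings, the same request that logged in against loginVulnerable is rejected before any query runs.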

Conclusion

What we’ve learned:

  1. Authentication Bypass via NoSQL Injection