webProeasy

Lab 329 — PipelineIQ — NoSQL Injection Authentication Bypass

hackadvisor

Task: CRM platform with JSON login API that passes user input directly to MongoDB without type validation. Solution: NoSQL injection using $ne operator to bypass authentication and access admin reports containing the flag.

$ ls tags/ techniques/

nodejs authentication_bypass express nosql mongodb json_api crm

session_hijackingnosql_injection_ne_operatormongodb_query_operator_injectionauthentication_bypass

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 327 — PipelineIQ — NoSQL Injection Authentication Bypass— hackadvisor
[web][Pro]Lab 373 — PipelineIQ — Django ORM Filter Injection— hackadvisor
[web][Pro]Lab 328 — DataNest — NoSQL Operator Injection in Authentication— hackadvisor
[web][Pro]Lab 326 — PulseBoard — NoSQL Injection in Authentication— hackadvisor
[web][Pro]Mongo 1— web-kids20