Short Overview

This box consists of several vulnerabilities:

NoSQL Injection - Specifically the part with sending the payload using JSON; we use this vulnerability to bypass the login process.

Server Side Template Injection - We could directly use HTML and then inject an iframe whose src is set to /etc/passwd. After that, we traverse the application itself to find the MongoDB user/password, and we use those to connect successfully to the machine using the password provided there....
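
The login bypass above depends on the server passing JSON-decoded values straight into a MongoDB query. The following is an added example, not code from the box or from this write-up, of a server-side check that closes that path; the function names, the field names `username` and `password`, and the sample bodies are assumptions constructed for illustration.

```javascript
// Defensive validation for a JSON login body (added example).
// findOperatorKeys and validateLogin are hypothetical names.

// Recursively collect paths of keys MongoDB would treat as query
// operators ("$...") or dotted paths, anywhere in a parsed JSON value.
function findOperatorKeys(value, path = "") {
  if (value === null || typeof value !== "object") return [];
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path ? `${path}.${key}` : key;
    if (key.startsWith("$") || key.includes(".")) hits.push(here);
    hits.push(...findOperatorKeys(child, here));
  }
  return hits;
}

// Accept a login body only if both credentials are plain, non-empty strings.
// Returns { ok, filter?, reason? }; the filter is safe to pass to findOne().
function validateLogin(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, reason: "body must be a JSON object" };
  }
  const operators = findOperatorKeys(body);
  if (operators.length > 0) {
    return { ok: false, reason: `operator keys rejected: ${operators.join(", ")}` };
  }
  for (const field of ["username", "password"]) {
    const v = body[field];
    if (typeof v !== "string" || v.length === 0 || v.length > 256) {
      return { ok: false, reason: `${field} must be a non-empty string` };
    }
  }
  // Only the username goes into the query; the password is compared
  // against the stored hash afterwards, never matched by the database.
  return { ok: true, filter: { username: body.username } };
}

// Constructed sample bodies, as they would arrive in a JSON request.
const samples = [
  '{"username":"alice","password":"correct horse"}',
  '{"username":"alice","password":{"$ne":""}}',
  '{"username":["alice"],"password":"x"}',
];
for (const raw of samples) {
  console.log(raw, "->", JSON.stringify(validateLogin(JSON.parse(raw))));
}
```

Rejected bodies are also worth logging with their `reason`, since an operator key in a login field is a strong signal of probing.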