Burp Suite User Forum

Believe there is a bug in the Exploiting NoSQL operator injection to bypass authentication web academy

Patrick | Last updated: Sep 26, 2023 11:34PM UTC

I have confirmed that I can use NoSQL injection to log in as wiener (injecting on username, password, or both)... but when I attempt to log in as administrator (or any other account), I get a 500 error (unexpected # of results found). I don't want to say too much to avoid a spoiler, but can someone look and confirm whether the lab is functional?

Patrick | Last updated: Sep 26, 2023 11:42PM UTC

Please disregard, I realized the error of my ways.

Hamdi | Last updated: Sep 27, 2023 02:29PM UTC

Hi, I was able to log in as carlos with the below payload, but it didn't work with the administrator username: {"username":"carlos","password":{"$ne":"invalid"}}

Patrick | Last updated: Sep 27, 2023 08:38PM UTC

@Hamdi -- There's a reason for that... ;)

Ben, PortSwigger Agent | Last updated: Sep 28, 2023 08:09AM UTC

Hi Hamdi, as an aside, our normal mode of operation for new lab topics is not to provide a solution for a period of time, to allow users to complete them without any guidance (this allows users to move up the leaderboard in our Hall of Fame). If you are totally stuck, the solutions should be published at some point in the next week or so.

Hamdi | Last updated: Sep 28, 2023 11:29AM UTC

@Patrick -- Thank you for the hint, lab solved ;)

9ja2dbone | Last updated: Sep 28, 2023 01:32PM UTC

@Patrick, @Hamdi, I hit the same roadblock; can you suggest any hint on how to go around it? I keep getting 500. I was able to log in as Carlos but could not log in as the Admin.
