💉

NOSQLINJECTION

LEAD

We will look in the source file for any hints or clues on how to exploit this system.

Downloading the source and looking in the server file, we can see that the program is using MongoDB.

FOUND USER CREDENTIALS

We will use the user credentials to try to bypass the login page.

Following https://book.hacktricks.wiki/en/pentesting-web/nosql-injection.html, we enter {"$ne":"null"} in the password field. $ne is MongoDB's "not equal" operator, so the password condition evaluates to true: the user's password will obviously not be null.

Username : picoplayer355@picoctf.org

Password: {"$ne":"null"}
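
Why the payload above matches, and the input check that stops it, as an added example that is not the challenge's server code. It assumes the server parses JSON-looking fields into the query filter; matches() is a small stand-in for MongoDB's filter matching, and the stored password is a constructed placeholder.

```javascript
// Constructed sample data; the stored password is a placeholder, not from the challenge.
const users = [{ email: "picoplayer355@picoctf.org", password: "constructed-secret" }];

// Minimal stand-in for MongoDB filter matching: plain equality plus the $ne operator.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === "object") {
      // Operator document, e.g. {"$ne": "null"}
      return Object.entries(cond).every(([op, arg]) => {
        if (op === "$ne") return doc[field] !== arg;
        throw new Error("operator not modelled: " + op);
      });
    }
    return doc[field] === cond;
  });
}
const findOne = (filter) => users.find((u) => matches(u, filter)) || null;

// Assumed vulnerable pattern: a field that looks like JSON is parsed and
// placed into the filter, so the client can supply a query operator.
function loginVulnerable(body) {
  const parse = (v) =>
    typeof v === "string" && v.trim().startsWith("{") ? JSON.parse(v) : v;
  return findOne({ email: parse(body.email), password: parse(body.password) }) !== null;
}

// Hardened: credentials must be plain strings and are never parsed into objects,
// so {"$ne":"null"} is compared literally against the stored value.
function loginHardened(body) {
  const { email, password } = body;
  if (typeof email !== "string" || typeof password !== "string") return false;
  return findOne({ email, password }) !== null;
}

// The input from this write-up, as typed into the login form.
const bypass = { email: "picoplayer355@picoctf.org", password: '{"$ne":"null"}' };
console.log("vulnerable login accepted:", loginVulnerable(bypass));
console.log("hardened login accepted:  ", loginHardened(bypass));
```

The type check also rejects a password that arrives as a JSON object instead of a string.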

FLAG

We can see that it's Base64-encoded, so let's decode it!

cGljb0NURntqQmhEMnk3WG9OelB2XzFZeFM5RXc1cUwwdUk2cGFzcWxfaW5qZWN0aW9uXzY3YjFhM2M4fQ==

💡

picoCTF{jBhD2y7XoNzPv_1YxS9Ew5qL0uI6pasql_injection_67b1a3c8}