🛡 INJECTION INTERMEDIATE +90 XP · +40 no-hint bonus

NoSQL Injection — MongoDB Operator Bypass

MongoLogin accepts JSON authentication requests. The backend builds a MongoDB query directly from the request body. Inject MongoDB operators to bypass authentication and log in as admin without knowing the password.

https://bookshop.local/search
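
The query-building pattern described above, next to a hardened form and a detection helper. This is an added example, not the lab's own backend code; the function names, the `username`/`password` field names and the sample request bodies are assumptions constructed for illustration.

```javascript
// Vulnerable pattern: request body fields go straight into the filter.
// If a field arrives as an object, MongoDB reads its $-keys as operators.
function buildLoginFilterUnsafe(body) {
  return { username: body.username, password: body.password };
}

// Hardened pattern: accept only non-empty primitive strings, so an operator
// object can never reach the query. (A real login should also compare a
// password hash in application code; the filter mirrors the lab's design.)
function buildLoginFilterSafe(body) {
  for (const field of ['username', 'password']) {
    if (typeof body?.[field] !== 'string' || body[field].length === 0) {
      throw new TypeError(`${field} must be a non-empty string`);
    }
  }
  return { username: body.username, password: body.password };
}

// Detection helper: list every path whose key starts with "$", for logging
// or for rejecting the request before it reaches the data layer.
function findOperatorKeys(value, path = '') {
  if (value === null || typeof value !== 'object') return [];
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path ? `${path}.${key}` : key;
    if (key.startsWith('$')) hits.push(here);
    hits.push(...findOperatorKeys(child, here));
  }
  return hits;
}

// Constructed sample requests (not captured traffic).
const normalBody = JSON.parse('{"username":"alice","password":"correct horse"}');
const operatorBody = JSON.parse('{"username":"admin","password":{"$ne":""}}');

// Run both bodies through the detector and the hardened builder.
function demo() {
  return [normalBody, operatorBody].map((body) => {
    let verdict;
    try { buildLoginFilterSafe(body); verdict = 'accepted'; }
    catch (e) { verdict = `rejected: ${e.message}`; }
    return { operators: findOperatorKeys(body), verdict };
  });
}

console.log(JSON.stringify(demo(), null, 2));
```

The type check is the actual fix; `findOperatorKeys` is useful as a log signal because legitimate login bodies never contain `$`-prefixed keys.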