NoSQL Injection

Aug 28, 2024 · 4 min read · Basic authentication bypass Using not equal ($ne) or greater ($gt) In PHP you can send an Array changing the sent parameter from parameter=foo to parameter[arrName]=foo. The exploits are based in adding an Operator: #in URL username[$ne]=toto&passwor...