MongoDB is a document-oriented NoSQL database system. The web application is vulnerable to injection attacks, which might allow an attacker to dump all documents of the collection from the backend MongoDB server.

Objective: Fetch the list of all users (or other relevant info about them) and retrieve the flag!

This lab is inspired by two blog posts: blog post 1 and blog post 2.

The solution for this lab can be found in the following manual: https://assets.ine.com/labs/ad-manuals/walkthrough-232.pdf