{
    "id": "803accb2-c365-3e97-983d-c03d37e8b693",
    "name": "MongoDB: NoSQL injection",
    "slug": "mongodb-nosql-injection",
    "status": "published",
    "lab_type": "pta",
    "is_sample": false,
    "duration_in_seconds": 1800,
    "metadata": {
        "courses": [
            "657cf698-108b-45a3-993c-d8e238ebbfaf",
            "1b212166-e0a6-4b76-9111-0e77533801d9",
            "46c248cb-51a2-309e-8b12-ee059def0007"
        ],
        "pta_sdn": "232",
        "collections": [],
        "pta_namespace": "attackdefenselabs",
        "learning_paths": [],
        "has_published_parent": true
    },
    "session": {
        "id": "3b086ae1-93bb-4ae4-b797-b1fca7fdd946",
        "user_id": "5dde02c1-353c-4e44-af4d-e217c38efd6a",
        "lab": {
            "id": "803accb2-c365-3e97-983d-c03d37e8b693",
            "name": "MongoDB: NoSQL injection",
            "lab_type": "pta"
        },
        "pta_url": "https://wlshti7jubfxurjpmmi9hhjwu.us-east-11.attackdefensecloudlabs.com",
        "last_started_at": "2024-11-05T19:20:34.013820Z",
        "terminated_at": "2024-11-05T19:39:57.094287Z",
        "running_time": 1163,
        "metadata": {
            "layout": "tr-tr-qwerty",
            "region": "US-East",
            "context": {
                "parent_id": "1b212166-e0a6-4b76-9111-0e77533801d9",
                "parent_name": "Web Application Penetration Testing: SQL Injection Attacks",
                "parent_type": "course"
            }
        },
        "status": "terminated",
        "created": "2024-11-05T19:20:34.013849Z",
        "modified": "2024-11-05T19:39:57.098166Z",
        "duration_in_seconds": 1153,
        "shutdown_time": 10800
    },
    "company": "a491bc32-c056-4946-9169-cc053387bada",
    "created": "2022-03-17T11:44:40.096503Z",
    "modified": "2024-12-20T16:47:00.999991Z",
    "is_beta": false,
    "lab_objectives": [],
    "main_learning_area": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
    "learning_areas": [
        {
            "id": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
            "name": "Cyber Security",
            "slug": "cyber-security"
        }
    ],
    "categories": [
        {
            "id": "620e45fa-779d-470c-8a03-a8394f1915a0",
            "name": "Infrastructure Attacks"
        },
        {
            "id": "8c30224b-ca3a-4f63-a91f-9e0c50e43d36",
            "name": "MongoDB"
        }
    ],
    "tags": [],
    "difficulty": "professional",
    "is_web_access": false,
    "is_lab_experience": false,
    "is_featured": false,
    "cve": null,
    "severity": null,
    "year": null,
    "classification": null,
    "is_trackable": true,
    "cpe_credits": null,
    "is_skill_check": false,
    "external_url": "",
    "solution_video": "82768355-931b-3342-8df9-7aecbe7f6797",
    "explanation_video": null,
    "description": "[MongoDB](https://www.mongodb.com/)\u00a0is a document-oriented NoSQL database system.\u00a0The Webapp is vulnerable to injection attacks which might allow the attacker to dump all documents of the collection from the backend Mongodb server.\n\n**Objective:** Fetch the list of all users\u00a0 (or other relevant info about them)\u00a0and retrieve the flag!.\n\nThis lab is inspired by two blog posts i.e. [blog post 1](https://www.idontplaydarts.com/2010/07/mongodb-is-vulnerable-to-sql-injection-in-php-at-least/) and [blog post 2](http://blog.securelayer7.net/mongodb-security-injection-attacks-with-php/).",
    "description_html": "<p><a href=\"https://www.mongodb.com/\">MongoDB</a>\u00a0is a document-oriented NoSQL database system.\u00a0The Webapp is vulnerable to injection attacks which might allow the attacker to dump all documents of the collection from the backend Mongodb server.</p>\n<p><strong>Objective:</strong> Fetch the list of all users\u00a0 (or other relevant info about them)\u00a0and retrieve the flag!.</p>\n<p>This lab is inspired by two blog posts i.e. <a href=\"https://www.idontplaydarts.com/2010/07/mongodb-is-vulnerable-to-sql-injection-in-php-at-least/\">blog post 1</a> and <a href=\"http://blog.securelayer7.net/mongodb-security-injection-attacks-with-php/\">blog post 2</a>.</p>",
    "tasks": "",
    "tasks_html": "",
    "published_date": "2023-07-12T04:00:13.004040Z",
    "solutions": "The solution for this lab can be found in the following manual:\n        <a href=\"https://assets.ine.com/labs/ad-manuals/walkthrough-232.pdf\" target=\"blank\">https://assets.ine.com/labs/ad-manuals/walkthrough-232.pdf</a>",
    "solutions_html": "<p>The solution for this lab can be found in the following manual:\n        <a href=\"https://assets.ine.com/labs/ad-manuals/walkthrough-232.pdf\" target=\"blank\">https://assets.ine.com/labs/ad-manuals/walkthrough-232.pdf</a></p>",
    "flags": [
        {
            "name": "Flag",
            "type": "short-text",
            "uuid": "4eeeac33-4c15-47e2-b1f9-214f998d0a3d"
        }
    ],
    "min_points_to_pass": null,
    "access_type": "default",
    "user_status": "finished",
    "user_lab_status": {
        "user_id": "5dde02c1-353c-4e44-af4d-e217c38efd6a",
        "lab": "803accb2-c365-3e97-983d-c03d37e8b693",
        "status": "finished",
        "created": "2024-11-05T19:18:17.200871Z",
        "modified": "2024-11-05T19:39:39.331936Z",
        "lab_type": "pta",
        "flags": [
            {
                "uuid": "4eeeac33-4c15-47e2-b1f9-214f998d0a3d",
                "has_passed": true,
                "user_value": "n0ssql_m0ng0db_php_4rray",
                "is_case_sensitive": false
            }
        ],
        "lab_objectives": [],
        "last_activity_date": "2024-11-05T19:39:39.325246Z"
    },
    "user_status_modified": "2024-11-05T19:39:39.331936Z",
    "user_flags": [
        {
            "uuid": "4eeeac33-4c15-47e2-b1f9-214f998d0a3d",
            "has_passed": true,
            "user_value": "n0ssql_m0ng0db_php_4rray",
            "is_case_sensitive": false
        }
    ],
    "global_running_session": null
}