MongoDB

First Exfiltration

drag_indicator
info
drag_indicator
inputs
drag_indicator
inspect

Retrieving data

Now that you have an oracle on the database, try to recover the admin password.

Goal: find the admin password

The flag use the following format: FLAG\{\d+\}

Hints

Solution

drag_indicator
waf
INPUT
OUTPUT
drag_indicator
code
drag_indicator
result