MongoDB

First Exfiltration

drag_indicator

info

drag_indicator

inputs

drag_indicator

inspect

Retrieving data

Now that you have an oracle on the database, try to recover the admin password.

Goal: find the admin password

The flag use the following format: FLAG\{\d+\}

Hints

Solution

drag_indicator

waf

INPUT

OUTPUT

drag_indicator

code

drag_indicator

result