#
Getting admin access
Chall Name : Getting admin access
Description : Bling bling bling, I bet you're not 1337 enough to shop here! Wait, you need to change /etc/hosts to get this one working??? Yes! To become an admin, you should use /admin
As per description,we have to add the host in /etc/hosts file.First ping the 1337shop.intigriti.io ,we got the IP of that domain ,add that to /etc/hosts file.
And we have the endpoint /admin. On visiting this endpoint it redirects to the login page and i tried lots of ways to bypass this login page but i can't !!.My teammate 0xGodson spoke about Nosqli for some other challs.
I searched for Nosqli payloads and i ends up with this payload
{"username": {"$gt":""}, "password": {"$gt":""}}
I got logged in !!.
View the PageSource and there's a flag.
FLAG{NOSQL_INJECTION_IS_AWESOME_IKODSD}