In Example 1 I was able to log in as the admin account using NoSQLi, but that was possible because admin was the first account returned. What if I wanted to access other accounts as well?
Here the $nin operator can be used.
user[$nin][]=admin&pass[$ne]=sssss&remember=on
The $nin operator means "not in". In this injection statement, all the documents that DO NOT have admin as the username will be returned, which will let me know about the other users present in the website.
I got the above user account. Now, to look for other accounts, I modified the condition as follows.
Now using the above query and modifying it, I was able to discover four more user accounts.
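Why the payload above works and how the login code can close it off, as an added example that is not part of the original write-up. It assumes a Node.js login handler whose body parser expands bracket notation into nested objects; the sample bodies, the user list and the function names are constructed for illustration.

```javascript
// Constructed sample: what user[$nin][]=admin&pass[$ne]=sssss&remember=on
// becomes after a bracket-notation body parser has processed it.
const injectedBody = { user: { $nin: ['admin'] }, pass: { $ne: 'sssss' }, remember: 'on' };
const normalBody = { user: 'alice', pass: 'correct horse', remember: 'on' };

// Constructed user collection standing in for the database.
// Plaintext passwords are for illustration only; real systems store hashes.
const users = [
  { user: 'admin', pass: 'h1' },
  { user: 'alice', pass: 'correct horse' },
];

// Minimal matcher for the two operators used on this page ($ne, $nin).
function matches(value, cond) {
  if (cond !== null && typeof cond === 'object') {
    if ('$ne' in cond) return value !== cond.$ne;
    if ('$nin' in cond) return !cond.$nin.includes(value);
    return false;
  }
  return value === cond;
}

// Returns the first document matching every field of the filter, or null.
function findOne(filter) {
  return users.find(u => Object.keys(filter).every(k => matches(u[k], filter[k]))) || null;
}

// Vulnerable: request values go into the filter unchanged, so objects
// carrying operators are evaluated as query conditions, not as literals.
function vulnerableLogin(body) {
  return findOne({ user: body.user, pass: body.pass });
}

// Hardened: credentials must be plain strings; anything else is rejected
// before a filter is ever built.
function safeLogin(body) {
  if (typeof body.user !== 'string' || typeof body.pass !== 'string') {
    throw new TypeError('credentials must be strings');
  }
  return findOne({ user: body.user, pass: body.pass });
}
```

The type check is the important part: once `user` and `pass` can only be strings, `$nin` and `$ne` arrive as literal text and never reach the query engine as operators.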