Regex Operator

We can use the $regex operator to extract passwords of users.

Password Length

We can use an injection query as follows to guess the password length.

user=admin&pass[$regex]=^.{7}$&remember=on

Here we are checking whether the password is 7 characters long; if it is not, an error is returned. We can keep changing the value and find the password length by trial and error.

Guessing the characters

user=admin&pass[$regex]=^c....$&remember=on

Here I assume that the password is 5 characters long. The query above has c followed by four dots, which means we are checking whether the password starts with the letter c.

If correct, then we will get a success response to this request.
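
Why these requests work and how to reject them, as an added example that is not part of the original page: the bracket syntax pass[$regex] is parsed into an object, and a filter built without type checks hands that object to MongoDB as an operator. The function names are hypothetical and parseBody is a simplified stand-in for a bracket-aware body parser.

```javascript
// Added example; function names are hypothetical, not from any framework.
// Constructed sample: the request body shown in this section.
const sampleBody = 'user=admin&pass[$regex]=^.{7}$&remember=on';

// Minimal stand-in for a bracket-aware body parser (one nesting level):
// "pass[$regex]=x" becomes { pass: { $regex: "x" } }.
function parseBody(raw) {
  const out = Object.create(null); // no prototype, so "__proto__" is inert
  for (const [key, value] of new URLSearchParams(raw)) {
    const m = /^([^\[\]]+)\[([^\[\]]+)\]$/.exec(key);
    if (!m) { out[key] = value; continue; }
    if (typeof out[m[1]] !== 'object') out[m[1]] = Object.create(null);
    out[m[1]][m[2]] = value;
  }
  return out;
}

// Vulnerable pattern: parsed values are copied into the filter as-is, so an
// object value reaches MongoDB as a query operator instead of a literal.
function buildFilterUnsafe(body) {
  return { user: body.user, pass: body.pass };
}

// Hardened pattern: credentials must be plain strings, anything else is rejected.
function buildFilterSafe(body) {
  for (const field of ['user', 'pass']) {
    if (typeof body[field] !== 'string') {
      throw new TypeError(`${field} must be a string`);
    }
  }
  return { user: body.user, pass: body.pass };
}

// Detection helper: paths of all keys starting with "$", for logging or alerting.
function findOperatorKeys(value, path = '') {
  if (value === null || typeof value !== 'object') return [];
  return Object.keys(value).flatMap((k) => {
    const here = path ? `${path}.${k}` : k;
    const hit = k.startsWith('$') ? [here] : [];
    return hit.concat(findOperatorKeys(value[k], here));
  });
}
```

Looking the user up by name only and comparing a password hash in application code keeps the password out of the query entirely.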
