NoSQL Injection Vulnerable App

This page demonstrates NoSQL injection vulnerabilities. Try these example payloads:

  • {"$gt": ""} - matches any non-null value
  • {"$ne": null} - matches any value that's not null
  • {"$in": []} - array-based injection
  • {"$regex": ".*"} - regex-based injection

Query Result: