Update Readme.md

Author: Esther7171

Wpt/Server Side vulnerability/NoSQL injection/Readme.md

@@ -168,4 +168,33 @@ For URL-based inputs, you can insert query operators via URL parameters. For exa
 
 > Note:
 >
-> You can use the [Content Type Converter](https://portswigger.net/bappstore/db57ecbe2cb7446292a94aa6181c9278) extension to automatically convert the request method and change a URL-encoded POST request to JSON. 
+> You can use the [Content Type Converter](https://portswigger.net/bappstore/db57ecbe2cb7446292a94aa6181c9278) extension to automatically convert the request method and change a URL-encoded POST request to JSON.
+
+## Detecting operator injection in MongoDB
+
+Consider a vulnerable application that accepts a username and password in the body of a `POST` request:
+```
+{"username":"wiener","password":"peter"}
+```
+Test each input with a range of operators. For example, to test whether the username input processes the query operator, you could try the following injection:
+```
+{"username":{"$ne":"invalid"},"password":"peter"}
+```
+If the `$ne` operator is applied, this queries all users where the username is not equal to invalid.
+
+If both the username and password inputs process the operator, it may be possible to bypass authentication using the following payload: 
+```
+{"username":{"$ne":"invalid"},"password":{"$ne":"invalid"}}
+```
+This query returns all login credentials where both the username and password are not equal to invalid. As a result, you're logged into the application as the first user in the collection.
+
+To target an account, you can construct a payload that includes a known username, or a username that you've guessed. For example:
+```
+{"username":{"$in":["admin","administrator","superadmin"]},"password":{"$ne":""}}
+```
+---
+| S.No | Name | Walkthrough |
+|--|--|--|
+| Lab 1 | [Exploiting NoSQL operator injection to bypass authentication](https://portswigger.net/web-security/nosql-injection/lab-nosql-injection-bypass-authentication) | [Link]() |
+
+---