CTF writeups, pentest notes and offensive security research.
NoSQL Injection via MongoDB's $rename operator leading to Prototype Pollution — bypassing localhost-only access control to retrieve the flag.
$rename