CSCAMP CTF Quals 2013 - Web200
NoSQL injection here on MongoDB. Just a bit of google to found out https://www.idontplaydarts.com/2010/07/mongodb-is-vulnerable-to-sql-injection-in-php-at-least/ where the solution is kinda written in plain.
Payload was this: http://18.104.22.168/challenges_x/final/lph/blog.php?id[$ne]=1 that show us all article in the database except the one that has id=1. The SQL equivalent is: “select * from users where id!=1”.