A while ago I created a challenge for #justCTF23 where players needed to blindly exfiltrate data from MongoDB. Here is my payload which triggers DNS resolution. As far as I know, this is a new technique when having SSRF to Mongo without the ability to read the response 😋🔥 #CTF