Nimbus Ledger
Nimbus Ledger's report builder accepts a client-supplied query spec and runs it against the documents in an embedded NoSQL store that shares a namespace with the admin audit log.
The Scenario
Nimbus's original reports module was read-only and hand-written. Q3 shipped a "flexible query" rewrite that accepts a JSON-serialised filter spec from the dashboard. The admins collection was meant to be isolated, but ended up sharing the same Nitrite namespace.
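An added example, not code from the lab or from Nimbus Ledger, showing the kind of allow-list validation a report builder needs before handing a client-supplied spec to the store: every filter is checked against permitted fields and operators, then pinned to one tenant and one collection so it cannot reach a neighbouring namespace. The Mongo-style filter shape, the collection and field names, and the FilterRejected helper are assumptions.

```python
import json

# Constructed policy for the example: the single collection the report
# builder may read, and the fields/operators a dashboard filter may use.
REPORT_COLLECTION = "ledger_entries"   # assumed name
ALLOWED_FIELDS = {"account", "amount", "posted_on", "category"}
ALLOWED_OPS = {"$eq", "$gt", "$gte", "$lt", "$lte", "$in"}
MAX_DEPTH = 3

class FilterRejected(ValueError):
    """Raised when a client filter spec falls outside the allow-list."""

def _scalar(v):
    return v is None or isinstance(v, (str, int, float, bool))

def validate_filter(node, depth=0):
    """Recursively check a Mongo-style filter dict against the allow-list.
    Accepts {field: scalar}, {field: {op: scalar}}, {field: {"$in": [...]}}
    and $and/$or lists of those.  Any other key, operator or shape raises,
    so unknown operators and fields never reach the query engine.
    """
    if depth > MAX_DEPTH:
        raise FilterRejected("filter nested too deeply")
    if not isinstance(node, dict) or not node:
        raise FilterRejected("filter clause must be a non-empty object")
    for key, value in node.items():
        if key in ("$and", "$or"):
            if not isinstance(value, list) or not value:
                raise FilterRejected(f"{key} needs a non-empty list")
            for child in value:
                validate_filter(child, depth + 1)
        elif key in ALLOWED_FIELDS:
            clauses = value if isinstance(value, dict) else {"$eq": value}
            for op, operand in clauses.items():
                if op not in ALLOWED_OPS:
                    raise FilterRejected(f"operator not allowed: {op}")
                ok = (isinstance(operand, list) and all(map(_scalar, operand))
                      if op == "$in" else _scalar(operand))
                if not ok:
                    raise FilterRejected(f"bad operand for {op} on {key}")
        else:
            raise FilterRejected(f"field not allowed: {key}")
    return node

def build_query(tenant_id, raw_spec):
    """Parse, validate, then pin the filter to one tenant and one collection."""
    spec = validate_filter(json.loads(raw_spec))
    return {"collection": REPORT_COLLECTION,
            "filter": {"$and": [{"tenant_id": tenant_id}, spec]}}
```

The server, not the client, chooses the collection and the tenant scope; the client's spec only ever narrows the result within that scope.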
Challenge Intel
Synopsis
A master-tier NoSQL injection lab where a reporting engine runs client-supplied query specs.
What It Is
Nimbus Ledger's refreshed reporting module accepts serialised filter specifications from the dashboard and executes them against an embedded document store. The datastore's namespace layout quietly merges the admin surface with the tenant-facing data, turning the reporting endpoint into a gateway for far more than reports. Expect to reason carefully about query semantics, collection boundaries, and what the engine is actually willing to do.
Who It's For
Advanced testers who enjoy chaining datastore quirks with flexible-query endpoints.
Skills You'll Practice
- Abusing client-supplied query specifications
- Embedded document-database injection
- Namespace and collection boundary analysis
- Constructing filters that cross trust boundaries
- Reasoning about serialised query formats
What You'll Gain
- Hard-won experience exploiting reporting engines with flexible query surfaces
- A repeatable approach for probing namespace isolation claims
- Fluency in document-database quirks that bite in production
- A benchmark for your highest-difficulty NoSQL work