
  • Daily Challenge
  • Released 08 Aug 2025

NoSQL Injection - Challenge Description

Challenge Overview

Welcome to TechStore! This challenge features a realistic e-commerce platform with MongoDB-powered search functionality. The application includes an advanced query feature that accepts MongoDB-style queries. While most visibility filters work normally, there are hidden confidential products that require advanced NoSQL injection techniques to access.

Learning Objectives

  • Master advanced MongoDB operators for accessing hidden data
  • Understand visibility-based access controls in NoSQL applications
  • Learn to identify and exploit operator-specific vulnerabilities
  • Practice targeted NoSQL injection with field-specific restrictions

Challenge Details

The application allows normal visibility filtering for public and internal products, but blocks direct access to confidential products. However, there are special confidential products containing sensitive data that can be revealed through careful exploitation of MongoDB operator behaviors. These products have distinctive styling to make them easily identifiable when found.

Technical Background

This challenge demonstrates how MongoDB operators can bypass access controls when an application's security filtering is incomplete. The vulnerability lies in the gap between matching a field against a literal value and matching it through query operators: security logic written for the literal case may not account for every operator behavior and edge case.
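The gap described above, shown from the defender's side as an added example (not the lab's own code): an incomplete check that only inspects a literal value on the `visibility` field, next to a hardened filter that allowlists fields, rejects operator keys, and pins the visibility constraint server-side. The field names, allowed values and product catalogue are constructed assumptions.

```javascript
// Added example, not the lab's code. Assumes products carry a `visibility`
// field with the (constructed) values below.
const ALLOWED_VISIBILITY = ['public', 'internal'];
const ALLOWED_FIELDS = new Set(['name', 'category', 'price', 'visibility']);
// The incomplete check described above: it compares the field to one literal,
// so a query that nests an operator object under `visibility` is never examined.
function naiveFilter(userQuery) {
  if (userQuery.visibility === 'confidential') throw new Error('confidential not accessible');
  return userQuery;
}
// True if any key at any depth starts with '$', i.e. the value carries an operator.
function containsOperator(value) {
  if (Array.isArray(value)) return value.some(containsOperator);
  if (value !== null && typeof value === 'object') {
    return Object.entries(value).some(([k, v]) => k.startsWith('$') || containsOperator(v));
  }
  return false;
}

// Hardened: allowlist fields, reject operators, and pin visibility server-side
// with $and so nothing in the user's query can widen the result set.
function hardenedFilter(userQuery) {
  if (userQuery === null || typeof userQuery !== 'object' || Array.isArray(userQuery)) {
    throw new Error('query must be a JSON object');
  }
  const safe = {};
  for (const [field, value] of Object.entries(userQuery)) {
    if (!ALLOWED_FIELDS.has(field)) throw new Error(`field not allowed: ${field}`);
    if (containsOperator(value)) throw new Error(`operators not allowed in ${field}`);
    safe[field] = value;
  }
  return { $and: [safe, { visibility: { $in: ALLOWED_VISIBILITY } }] };
}

// Tiny in-memory matcher for the operators hardenedFilter emits ($and, $in, equality),
// so the example runs without MongoDB; a real app hands the filter to the driver.
function matches(doc, filter) {
  return Object.entries(filter).every(([k, v]) => {
    if (k === '$and') return v.every((f) => matches(doc, f));
    if (v !== null && typeof v === 'object' && '$in' in v) return v.$in.includes(doc[k]);
    return doc[k] === v;
  });
}

// Constructed sample catalogue and the core of a search endpoint built on the hardened filter.
const PRODUCTS = [{ name: 'Laptop', visibility: 'public' }, { name: 'Staff headset', visibility: 'internal' },
  { name: 'Unreleased phone', visibility: 'confidential' }];
function search(userQuery) {
  const filter = hardenedFilter(userQuery);
  return PRODUCTS.filter((p) => matches(p, filter)).map((p) => p.name);
}
```

Because the visibility constraint is appended with `$and` rather than taken from the user's query, even an empty query `{}` returns only public and internal products.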