0x5t4l1n/hunting
1
0
Fork 0
mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 11:35:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
0a48c19312c2c60b02fd1d58ba70c42832b8a409
hunting/NoSQL-Injection/README.md
T
copilot-swe-agent[bot] 0a48c19312 Add NoSQL, CSV, File Upload vulnerabilities and enhance Command Injection 
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
2026-01-04 19:45:07 +00:00

39 lines
1.3 KiB
Markdown
Raw Blame History

# NoSQL Injection
## Description
NoSQL injection is a vulnerability where an attacker can inject or manipulate NoSQL queries to bypass authentication, extract data, or perform unauthorized operations. This affects databases like MongoDB, CouchDB, Redis, Cassandra, and others that don't use traditional SQL syntax.
## Common Attack Vectors
- Authentication bypass in login forms
- Data extraction through query manipulation
- MongoDB operator injection ($ne, $gt, $regex, etc.)
- JSON/BSON injection in APIs
- Redis command injection
- CouchDB view manipulation
- Elasticsearch query injection
## Testing Approach
Submit NoSQL operators, special characters, and query manipulation attempts in:
- Login forms (username/password fields)
- Search parameters
- API endpoints accepting JSON
- Query string parameters
- Cookie values
- HTTP headers
## Common Vulnerable Patterns
- Direct user input in `find()`, `findOne()` queries
- Unvalidated JSON parsing in authentication
- Improper input sanitization in MongoDB queries
- Exposed NoSQL query interfaces
## Payloads
See `nosql-injection-payloads.txt` for a comprehensive list of NoSQL injection payloads covering:
- MongoDB injection
- CouchDB injection
- Redis injection
- Cassandra injection
- Elasticsearch injection
- Authentication bypass techniques
- Data extraction methods
Reference in New Issue View Git Blame Copy Permalink