0x5t4l1n/hunting
1
0
Fork 0
mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 11:35:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
369747616fcc349514ed7d80ec2c60a67237a40c
hunting/NoSQL-Injection/README.md
T
copilot-swe-agent[bot] 0a48c19312 Add NoSQL, CSV, File Upload vulnerabilities and enhance Command Injection 
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
2026-01-04 19:45:07 +00:00

1.3 KiB
Raw Blame History

NoSQL Injection

Description

NoSQL injection is a vulnerability where an attacker can inject or manipulate NoSQL queries to bypass authentication, extract data, or perform unauthorized operations. This affects databases like MongoDB, CouchDB, Redis, Cassandra, and others that don't use traditional SQL syntax.

Common Attack Vectors

  • Authentication bypass in login forms
  • Data extraction through query manipulation
  • MongoDB operator injection ($ne, $gt, $regex, etc.)
  • JSON/BSON injection in APIs
  • Redis command injection
  • CouchDB view manipulation
  • Elasticsearch query injection

Testing Approach

Submit NoSQL operators, special characters, and query manipulation attempts in:

  • Login forms (username/password fields)
  • Search parameters
  • API endpoints accepting JSON
  • Query string parameters
  • Cookie values
  • HTTP headers

Common Vulnerable Patterns

  • Direct user input in find(), findOne() queries
  • Unvalidated JSON parsing in authentication
  • Improper input sanitization in MongoDB queries
  • Exposed NoSQL query interfaces

Payloads

See nosql-injection-payloads.txt for a comprehensive list of NoSQL injection payloads covering:

  • MongoDB injection
  • CouchDB injection
  • Redis injection
  • Cassandra injection
  • Elasticsearch injection
  • Authentication bypass techniques
  • Data extraction methods
Reference in New Issue View Git Blame Copy Permalink