NoSQL doesn't mean no injection.
Uncategorized
1
Posts
1
Posters
0
Views
-
NoSQL doesn't mean no injection. MongoDB's $ne, $gt, $regex operators are injection primitives and most scanners miss them entirely. Auth bypass in one JSON body. Blind extraction via $regex one char at a time. $where for timing attacks when server-side JS is enabled. CouchDB Admin Party for legacy targets.
NoSQL Injection: Breaking MongoDB From the Inside
Operator injection, authentication bypass with $ne and $regex, blind boolean extraction, time-based $where detection, CouchDB default access, and automation tools
Kayssel (www.kayssel.com)
-
R relay@relay.infosec.exchange shared this topic
