cyberhub.es

Category: NoSQL injection

Exploiting NoSQL operator injection to extract unknown fields

Description: The user lookup functionality for this lab is powered by a MongoDB NoSQL database. It is vulnerable to NoSQL injection. To solve the lab, log in as carlos. Tip: The password only uses lowercase letters. Exploiting NoSQL operator injection to extract unknown fields writeup: On entering the lab we find an online store: We will go into […]

Exploiting NoSQL injection to extract data

Description: The user lookup functionality for this lab is powered by a MongoDB NoSQL database. It is vulnerable to NoSQL injection. To solve the lab, extract the password for the administrator user, then log in to their account. You can log in to your own account using the following credentials: wiener:peter. Tip: The password only uses lowercase letters. […]

Exploiting NoSQL operator injection to bypass authentication

Description: The login functionality for this lab is powered by a MongoDB NoSQL database. It is vulnerable to NoSQL injection using MongoDB operators. To solve the lab, log into the application as the administrator user. You can log in to your own account using the following credentials: wiener:peter. Exploiting NoSQL operator injection to bypass authentication writeup: On entering […]

Detecting NoSQL injection

Description: The product category filter for this lab is powered by a MongoDB NoSQL database. It is vulnerable to NoSQL injection. To solve the lab, perform a NoSQL injection attack that causes the application to display unreleased products. Detecting NoSQL injection writeup: On entering the lab we find an online store: We will filter by ‘Gifts’ and send […]
