# NoSQL Injections * No tables, but files (collections) * Examples are Elasticsearch, MongoDB, Redis, CouchDB. ## Querying * Filter instead of SQL queries * [Redis docs](https://redis.io/documentation) * [MongoDB operators](https://docs.mongodb.com/manual/reference/operator/query/) * [Elasticsearch docs](https://www.elastic.co/guide/index.html) # Operators * Most common ```sql $and $or $eq $ne $gt $where $exists $regex ``` ## Tips & Tricks * Pass HTTP parameter as an array instead of `user=` and `password=` use `user[$operator]=foo` and `password[$operator]=bar` * 2D array via `user[$nin][]=foo` ## Example * POST or GET parameters ```sh username=admin&password[$ne]=admin ```