# NoSQL Injections

* No tables, but files (collections)
* Examples are Elasticsearch, MongoDB, Redis, CouchDB.

## Querying
* Filter instead of SQL queries
* [Redis docs](https://redis.io/documentation)
* [MongoDB operators](https://docs.mongodb.com/manual/reference/operator/query/)
* [Elasticsearch docs](https://www.elastic.co/guide/index.html)

## Tips & Tricks

* Pass HTTP parameter as an array instead of `user=` and `password=` use `user[$operator]=foo` and `password[$operator]=bar`
    * 2D array via `user[$nin][]=foo`