531 B

Raw Blame History

NoSQL Injections

No tables, but files (collections)
Examples are Elasticsearch, MongoDB, Redis, CouchDB.

Querying

Filter instead of SQL queries
Redis docs
MongoDB operators
Elasticsearch docs

Tips & Tricks

Pass HTTP parameter as an array instead of user= and password= use user[$operator]=foo and password[$operator]=bar
- 2D array via user[$nin][]=foo