Rubén Santos García

NoSQL doesn't mean no injection. MongoDB's $ne, $gt, $regex operators are injection primitives and most scanners miss them entirely. Auth bypass in one JSON body. Blind extraction via $regex one char at a time. $where for timing attacks when server-side JS is enabled. CouchDB Admin Party for legacy targets.

https://www.kayssel.com/newsletter/issue-42/

#infosec #cybersecurity

NoSQL Injection: Breaking MongoDB From the Inside

Operator injection, authentication bypass with $ne and $regex, blind boolean extraction, time-based $where detection, CouchDB default access, and automation tools

Kayssel
Mar 22 at 12:16pmWeb