Awesome
What's this repo?
This repo aims to contain wordlists with payloads for NoSQL Injections.
Support this project
Support this project (to solve issues, new features...) by applying the Github "Sponsor" button.
What's contains currently?
Currently only has MongoDB payloads.
Can I contribute?
Of course!! Your contribution are welcome. Send me a Pull Request.
References
Here some references that I found useful:
- https://arxiv.org/pdf/1506.04082.pdf
- https://pentesterlab.com/exercises/web_for_pentester_II/course
- https://ckarande.gitbooks.io/owasp-nodegoat-tutorial/content/tutorial/a1_-_sql_and_nosql_injection.html
- https://www.defcon.org/images/defcon-21/dc-21-presentations/Chow/DEFCON-21-Chow-Abusing-NoSQL-Databases.pdf
- https://www.imperva.com/blog/nosql-ssji-authentication-bypass/ for a php nosql authentication bypass
- https://gitlab.com/pentest-tools/PayloadsAllTheThings/tree/master/NoSQL%20Injection#authentication-bypass