
NoSQL Injection: WAF Evasion Fundamentals

Talk Scope

  1. Exercise: Evaluate WAF attack vectors by looking at a ModSecurity WAF rule
  2. Exercise: Deduce backend logic through URL structure to bypass potential WAF rules and dump all documents within a MongoDB collection
  3. Extension of the NoSQLi series

WAF (Web Application Firewall) Review

Exercise: Bypassing WAF Rules (Question)

Exercise: Bypassing WAF Rules (Answer)

Exercise: Deducing Backend Logic (Question)

Exercise: Deducing Backend Logic (Answer)

Exercise: Finding the UNKNOWN_VALUE object (Question)

Exercise: Finding the UNKNOWN_VALUE object (Answer)

Exercise: Finding this.UNKNOWN_VALUE (Question)

Exercise: Finding this.UNKNOWN_VALUE (Answer)

Takeaways
