NoSQL Injection: Blind Injection Fundamentals

Table Of Contents

Talk Scope

  1. Exercise: Learn about Blind Injection and leverage it to find vulnerable server-side logic
  2. Exercise: Use logical operators to dump all documents within a MongoDB collection
  3. Exercise: Learn how attackers leverage client-side code to find vulnerable server-side routing functionality

Recap: What is NoSQL Injection (NoSQLi)?

$where: Query Operator

Exercise: $where Whitelisted Functions

// Available Functions
assert()     Map()           BinData()    MD5()
DBRef()      NumberLong()    emit()       print()
gc()         printjson()     HexData()    printjsononeline()
hex_md5()    sleep()         isNumber()   Timestamp()
isObject()   tojson()        ISODate()    tojsononeline()
isString()   tojsonObject()  UUID()       version()
DBPointer()  NumberInt()

Exercise: $where Whitelisted Functions (Answer)

Exercise: Crafting The Payload (Setup)

Exercise: Crafting The Payload (Setup) CONT.

Exercise: Crafting The Payload (Question)

Exercise: Crafting The Payload (Answer)

Exercise: "Unguessable" Identifiers (Question)

Exercise: "Unguessable" Identifiers (Hint)

Exercise: "Unguessable" Identifiers (Answer)