This repo aims to contain wordlists with payloads for NoSQL Injections.
Support this project (issue fixes, new features...) by using the GitHub "Sponsor" button.
It currently has only MongoDB payloads.
Of course! Your contributions are welcome. Send me a pull request.
Here are some references that I found useful:
- https://arxiv.org/pdf/1506.04082.pdf
- https://pentesterlab.com/exercises/web_for_pentester_II/course
- https://ckarande.gitbooks.io/owasp-nodegoat-tutorial/content/tutorial/a1_-_sql_and_nosql_injection.html
- https://www.defcon.org/images/defcon-21/dc-21-presentations/Chow/DEFCON-21-Chow-Abusing-NoSQL-Databases.pdf
- https://www.imperva.com/blog/nosql-ssji-authentication-bypass/ for a PHP NoSQL authentication bypass
- https://gitlab.com/pentest-tools/PayloadsAllTheThings/tree/master/NoSQL%20Injection#authentication-bypass