NoSQL Injection Detection — A Hands-on Exploitation Walkthrough
Summary
The NoSQL injection vulnerability occurs when user-controlled inputs are embedded in NoSQL queries without proper sanitisation, enabling manipulation of queries, retrieval of sensitive data, bypassing of authentication, and alteration of application logic.
The lab targets a web application that filters products by a category value supplied in a URL parameter.
The verification step injects a single quote into that parameter; the browser then displays a JavaScript syntax error, which confirms that the input is being evaluated as part of the query and that the application is vulnerable to NoSQL injection.
Further testing with the `'+'` payload and the `' && 0 && 'x` payload (sent URL-encoded) confirms that the query logic can be manipulated: the false condition causes no products to be displayed, and substituting a true boolean condition makes the products appear again.
The finalised payload `'||1||'` (sent URL-encoded) short-circuits all other filters, revealing previously hidden products and thus successfully exploiting the vulnerability.
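The following added example (written for this summary, not code from the lab or the original write-up) reproduces the behaviour described above against an in-memory product list so the effect of each payload can be seen without a database. The product names, the `released` field and the `buildWhereVulnerable`/`filterSafe` function names are constructed assumptions; the `$where`-style evaluation mimics how MongoDB runs a JavaScript expression against each document. The hardened variant shows the fix: the category is treated as a plain string value in an equality filter, never as code.

```javascript
// Added example: vulnerable vs hardened category filter for a NoSQL-backed
// product listing. Not the lab's own code; data and field names are constructed.

// Constructed sample catalogue. The unreleased product must stay hidden.
const PRODUCTS = [
  { name: 'Lightweight jacket', category: 'Clothing', released: 1 },
  { name: 'Winter coat', category: 'Clothing', released: 0 },
  { name: 'Running shoes', category: 'Shoes', released: 1 },
];

// VULNERABLE: the URL parameter is concatenated into a JavaScript $where
// expression, so quote characters and operators in the input become code.
function buildWhereVulnerable(category) {
  return `this.category == '${category}' && this.released == 1`;
}

// Mimics MongoDB's $where: compile the expression once, evaluate it per
// document. A malformed expression throws a SyntaxError, which is the
// detection signal the walkthrough relies on (a lone single quote).
function runWhere(expr) {
  const fn = new Function(`return (${expr});`);
  return PRODUCTS.filter((doc) => fn.call(doc));
}

function filterVulnerable(category) {
  return runWhere(buildWhereVulnerable(category)).map((p) => p.name);
}

// HARDENED: the category is a value, not code. The type check also blocks
// operator objects such as {"$ne": null} that extended query-string parsers
// can turn a parameter into.
function filterSafe(category) {
  if (typeof category !== 'string') {
    throw new TypeError('category must be a string');
  }
  const filter = { category, released: 1 };
  return PRODUCTS
    .filter((doc) => Object.keys(filter).every((k) => doc[k] === filter[k]))
    .map((p) => p.name);
}

// Runs the walkthrough's payloads through both implementations and returns
// the results, so the difference is visible in one place.
function demo() {
  const payloads = {
    baseline: 'Clothing',
    plusConcat: "Clothing'+'",      // valid JS, same result as baseline
    falseCondition: "Clothing' && 0 && 'x", // no products
    trueCondition: "Clothing' && 1 && 'x",  // products back
    orTrue: "Clothing'||1||'",      // every product, hidden ones included
  };
  const out = {};
  for (const [label, value] of Object.entries(payloads)) {
    out[label] = { vulnerable: filterVulnerable(value), safe: filterSafe(value) };
  }
  return out;
}

module.exports = { filterVulnerable, filterSafe, demo };
```

Running `demo()` shows the vulnerable path returning all three products for the `'||1||'` payload, while the hardened filter returns nothing for every payload except the plain category string. The single-quote probe is the one case that throws instead of returning: that error leaking to the browser is what the walkthrough uses as its first indicator, and in production it should be logged server-side and answered with a generic error page.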