Chihab357/NoSQL-Injections

πŸ›‘οΈ NoSQL Injection Demonstration 🚨

Educational Purpose Only


📋 Project Overview

This project demonstrates NoSQL injection against MongoDB when it is used from a Node.js application. It shows how attackers can bypass authentication when request input is not validated before it is placed into a query.

💡 Key Learning Points:

  • Exploit NoSQL Injection using special MongoDB operators like $gt and $or.
  • Demonstrate how unsecured queries can alter logic.
  • Showcase mitigation strategies to secure your app.

🚀 Tech Stack

  • Backend: Node.js
  • Database: MongoDB
  • Testing Tool: Postman

βš™οΈ How It Works

  1. Setup: Create a database named demo with a users collection containing username and password fields.
  2. Attack: Use Postman to send specially crafted JSON payloads with MongoDB operators like:
    { "username": { "$gt": "" }, "password": { "$gt": "" } }
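
The bypass from step 2 beside one mitigation, as an added example that is not code from this repository. `matches` and `findOne` are a hypothetical in-memory stand-in for MongoDB's filter matching (equality and `$gt` only), and the user record is constructed sample data.

```javascript
// Constructed sample data standing in for the demo.users collection.
const users = [{ username: "alice", password: "s3cret-constructed" }];

// Hypothetical stand-in for MongoDB filter matching: models plain equality
// and the $gt operator only, which is enough to reproduce the bypass offline.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === "object") {
      return Object.entries(cond).every(([op, arg]) => {
        if (op === "$gt") return doc[field] > arg;
        throw new Error("operator not modelled: " + op);
      });
    }
    return doc[field] === cond;
  });
}
const findOne = (filter) => users.find((u) => matches(u, filter)) || null;

// Vulnerable: parsed JSON values go straight into the filter, so an object
// such as {"$gt": ""} is treated as a query operator instead of a value.
function loginVulnerable(body) {
  return findOne({ username: body.username, password: body.password }) !== null;
}

// Hardened: only string credentials are accepted, so operator objects are
// rejected before any filter is built.
function loginHardened(body) {
  const { username, password } = body || {};
  if (typeof username !== "string" || typeof password !== "string") return false;
  return findOne({ username, password }) !== null;
}

// The payload from step 2, parsed the way a JSON body parser would parse it.
const payload = JSON.parse('{ "username": { "$gt": "" }, "password": { "$gt": "" } }');
console.log("vulnerable login accepts payload:", loginVulnerable(payload));
console.log("hardened login accepts payload:", loginHardened(payload));
```

The same type check applies to any request field that ends up inside a MongoDB filter, not only to login credentials.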
