Security Warning: A simple MongoDB Injection
Author: nosqlfan
In the relational database era, SQL injection attacks and defenses became a required course for almost every web developer. Many NoSQL supporters claim that NoSQL also means no SQL injection. That is not the case. Below is a MongoDB injection that exploits GET parameters that are not strictly validated, in the hope of drawing everyone's attention to security.
In a system that uses an SQL database to store usernames and passwords, the username and password check might look like this:
    mysql_query("SELECT * FROM user
        WHERE username = " . $_GET['username'] . "
        AND passwd = " . $_GET['passwd']);
With MongoDB, the simplest username and password check might look like this:
    $collection->find(array(
        "username" => $_GET['username'],
        "passwd" => $_GET['passwd']
    ));
In the most common form of SQL injection, we can construct the following request:
    login.php?username=admin&passwd=abc OR 1 --
This request will form the following SQL statement:
    SELECT * FROM user WHERE username = admin AND passwd = abc OR 1;
The injection succeeds!
Using the same method, you can construct the following request for the MongoDB query method above:
    login.php?username=admin&passwd[$ne]=1
This request will form such a MongoDB query:
    $collection->find(array(
        "username" => "admin",
        "passwd" => array('$ne' => 1)
    ));
The injection succeeds!
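The vulnerable filter next to a hardened one, as an added example that is not code from the original article: it shows how PHP's bracket parsing turns the passwd[$ne]=1 parameter into an array, and how a strict string check rejects it. The function names build_filter_unsafe and build_filter_safe are hypothetical, the query strings are constructed samples, and parse_str() stands in for the parsing PHP performs when it fills $_GET.

```php
<?php
// Added example with constructed inputs; no database connection is needed.

// Pattern from the article: request values go straight into the filter.
function build_filter_unsafe(array $params): array {
    return array(
        "username" => $params['username'] ?? null,
        "passwd"   => $params['passwd'] ?? null,
    );
}

// Hardened form: accept only strings, so an array such as
// array('$ne' => 1) can never reach the driver as a query operator.
function build_filter_safe(array $params): array {
    foreach (array('username', 'passwd') as $key) {
        if (!isset($params[$key]) || !is_string($params[$key])) {
            throw new InvalidArgumentException("parameter '$key' must be a string");
        }
    }
    return array(
        "username" => $params['username'],
        "passwd"   => $params['passwd'],
    );
}

// Constructed query strings. parse_str() applies the same bracket
// parsing that PHP uses to populate $_GET.
$samples = array(
    'normal login'          => 'username=admin&passwd=secret',
    'operator in parameter' => 'username=admin&passwd[$ne]=1',
);

foreach ($samples as $label => $query) {
    parse_str($query, $params);
    echo "== $label ==\n";
    echo "unsafe filter: " . json_encode(build_filter_unsafe($params)) . "\n";
    try {
        echo "safe filter:   " . json_encode(build_filter_safe($params)) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "safe filter:   rejected (" . $e->getMessage() . ")\n";
    }
}
```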
For more information about NoSQL security, see NoSQLFan's article: NoSQL Security Attack and Defense