A simple MongoDB Injection

Source: Internet
Author: User
Tags mongodb injection mongodb query

Security Warning: A simple MongoDB Injection
Author: nosqlfan
In the relational database era, SQL injection attacks and defenses have become a required course for almost every Web Developer. Many NoSQL supporters call NoSQL and No SQL injection at the same time. Otherwise, the following is a MongoDB injection that is not strictly determined by the GET parameter, hoping to attract everyone's attention in terms of security.
In a system that uses SQL database to store user names and passwords, the process of detecting user names and passwords may be as follows:
Mysql_query ("SELECT * FROM user
WHERE username = ". $ _ GET ['username'].",
AND passwd = ". $ _ GET ['passwd']) We use MongoDB for the simplest user name AND password detection, which may be like this:
$ Collection-> find (array (
"Username" = >$ _ GET ['username'],
"Passwd" => $ _ GET ['passwd']
); In the most common SQL injection, we can construct the following request:
Login. php? Username = admin & passwd = abc OR 1-
This request will form such an SQL statement:
SELECT * FROM user WHERE username = admin AND passwd = abc OR 1; successful injection!
Using the same method, you can construct the following request for the MongoDB query method above:
Login. php? Username = admin & passwd [$ ne] = 1
This request will form such a MongoDB query:
$ Collection-> find (array (
"Username" => "admin ",
"Passwd" => array ("$ ne" => 1)
); Injected successfully!
For more information about NoSQL security, see NoSQLFan's article: NoSQL Security Attack and Defense

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.