NoSQLi

NoSQL injection (NoSQLi) is a vulnerability where an attacker manipulates NoSQL database queries by injecting query syntax or operators (for example MongoDB's $ne or $regex) through user-controlled inputs.

The example below is based on PortSwigger's "Exploiting NoSQL operator injection to bypass authentication" lab.

A simplified demonstration of how a MongoDB query filter matches documents, built in Mongo Playground, is shown below (Figure 1).

Figure 1: A NoSQLi example of a successful authentication bypass.

Replaying the same payload against the lab's login request does not work (Figure 2).

Figure 2: A failed authentication bypass attempt.

The error message indicates that the supplied username is not an exact match for the administrator account. Rather than guessing the exact name, we can inject a regex operator payload into the username parameter (Figures 3 and 4).

Figure 3: Testing a regex payload for the username parameter.
Figure 4: A successful authentication bypass attempt.

To solve the lab, the session cookie returned by the successful login response must be set manually in the browser.
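The following is an added example, not code from the page author or from the PortSwigger lab. It uses a small in-memory stand-in for MongoDB's find() filter matching (supporting only $eq, $ne and $regex/$options) to show why the injected operators above bypass authentication, and how a handler that checks input types before building the filter stops it. The users collection, the administrator password and the handler names are constructed for the demo.

```javascript
// Added example (not from the page author or the PortSwigger lab): a toy
// stand-in for MongoDB's find() filter matching, covering only the operators
// needed to show operator injection ($eq, $ne, $regex with $options).
// The users collection and the administrator password are constructed.

const users = [
  { username: "wiener", password: "peter" },
  { username: "carlos", password: "montoya" },
  { username: "administrator", password: "constructed-secret-9f3a" },
];

// Does a single document field satisfy one filter condition?
function matchField(value, cond) {
  const isOperatorObject =
    cond !== null && typeof cond === "object" && !Array.isArray(cond) &&
    Object.keys(cond).every((k) => k.startsWith("$"));
  if (!isOperatorObject) {
    // Plain value: exact equality, which is what the developer intended.
    return value === cond;
  }
  return Object.entries(cond).every(([op, arg]) => {
    switch (op) {
      case "$eq": return value === arg;
      case "$ne": return value !== arg;
      case "$regex":
        return typeof value === "string" &&
          new RegExp(arg, cond.$options || "").test(value);
      case "$options": return true; // modifier for $regex, consumed above
      default: throw new Error(`unsupported operator ${op}`);
    }
  });
}

// Equivalent of collection.find(filter).toArray() for this toy store.
function find(collection, filter) {
  return collection.filter((doc) =>
    Object.entries(filter).every(([field, cond]) => matchField(doc[field], cond))
  );
}

// Vulnerable handler (hypothetical name): the parsed JSON body is spliced
// straight into the filter, so {"$ne": ""} reaches the database as an
// operator instead of being compared as a string.
function loginVulnerable(body) {
  const matches = find(users, { username: body.username, password: body.password });
  return matches.length ? matches[0].username : null;
}

// Hardened handler (hypothetical name): refuse anything that is not a plain
// string before it touches the query, and pin the comparison with $eq.
function loginHardened(body) {
  if (typeof body.username !== "string" || typeof body.password !== "string") {
    return null; // an object here is never a legitimate credential
  }
  const matches = find(users, {
    username: { $eq: body.username },
    password: { $eq: body.password },
  });
  return matches.length ? matches[0].username : null;
}

// Payloads exactly as an attacker would send them in the JSON login body.
const blindBypass = JSON.parse('{"username":{"$ne":""},"password":{"$ne":""}}');
const adminBypass = JSON.parse('{"username":{"$regex":"^admin"},"password":{"$ne":""}}');

console.log(loginVulnerable(blindBypass)); // "wiener": first matching document, not the admin
console.log(loginVulnerable(adminBypass)); // "administrator": regex selects the target account
console.log(loginHardened(adminBypass));   // null: operator object rejected before the query
console.log(loginHardened({ username: "wiener", password: "peter" })); // "wiener"
```

The first payload mirrors Figure 2: $ne on both fields logs in as whichever user the database returns first, which is not the administrator. The $regex payload mirrors Figures 3 and 4: it pins the username to the target account without needing an exact match, while $ne on the password keeps that clause true for any stored value. Type-checking the body fields (or building the filter with explicit $eq) removes the attacker's ability to supply operators at all.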

NoSQLMap
