GitHub - SEC642/nosqlilab: A lab for playing with NoSQL Injection

SEC642 / nosqlilab Public

forked from adriendb/nosqlilab

Notifications You must be signed in to change notification settings
Fork 0
Star 0

A lab for playing with NoSQL Injection

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 14 Commits
css		css
.dockerignore		.dockerignore
Dockerfile-mongo		Dockerfile-mongo
Dockerfile-web		Dockerfile-web
README		README
README-Docker.md		README-Docker.md
README-Vagrant.md		README-Vagrant.md
Vagrant.bootstrap.sh		Vagrant.bootstrap.sh
Vagrantfile		Vagrantfile
debug.php		debug.php
digininja_avatar.png		digininja_avatar.png
docker-compose.yml		docker-compose.yml
favicon.ico		favicon.ico
guess_the_key.php		guess_the_key.php
index.php		index.php
lab.js		lab.js
phpinfo.php		phpinfo.php
populate_db.php		populate_db.php
user_lookup.php		user_lookup.php

Repository files navigation

With the rise in popularity of NoSQL I figured it was time to build a lab so I
could have a play with the different techniques used to attack them. This lab
was the result.

Seeing as I've already played with Redis for some development work I decided to
go with MongoDB here. I have built two different scenarios in this lab, an
equivalent of the SQLi " or 1=1" vulnerability and also a new type of attack,
which is specific to NoSQL, script injection. I might add more later but these
were good for a start.

For more information see the full write up on my site:

https://digi.ninja/projects/nosqli_lab.php