With the rise in popularity of NoSQL I figured it was time to build a lab so I could have a play with the different techniques used to attack them. This lab was the result. Seeing as I've already played with Redis for some development work I decided to go with MongoDB here. I have built two different scenarios in this lab, an equivalent of the SQLi " or 1=1" vulnerability and also a new type of attack, which is specific to NoSQL, script injection. I might add more later but these were good for a start. For more information see the full write up on my site: https://digi.ninja/projects/nosqli_lab.php