This repo aims to contain wordlists with payloads for NoSQL Injections.
It currently has only MongoDB payloads.
Of course, your contributions are welcome! Send me a pull request.
Here are some references that I found useful:
- https://arxiv.org/pdf/1506.04082.pdf
- https://pentesterlab.com/exercises/web_for_pentester_II/course
- https://ckarande.gitbooks.io/owasp-nodegoat-tutorial/content/tutorial/a1_-_sql_and_nosql_injection.html
- https://www.defcon.org/images/defcon-21/dc-21-presentations/Chow/DEFCON-21-Chow-Abusing-NoSQL-Databases.pdf
- https://www.imperva.com/blog/nosql-ssji-authentication-bypass/ (a PHP NoSQL authentication bypass)