Hi, when running a test against a Node app, the first part works fine, but when I try to run the timing-based test it crashes. Please see the run below:
Checking to see if site at 127.0.0.1:49090/ is up...
App is up!
List of parameters:
1-user
2-pass
Which parameter should we inject? 1
Injecting the user parameter...
Baseline test-Enter random string size: 6
What format should the random string take?
1-Alphanumeric
2-Letters only
3-Numbers only
4-Email address
Select an option: 1
Using 8uiMZd for injection testing.
Sending random parameter value...
Got response length of 78.
No change in response size injecting a random parameter..
Test 1: PHP/ExpressJS != associative array injection
Injection failed.
Test 2: PHP/ExpressJS > Undefined Injection
Injection failed.
Test 3: $where injection (string escape)
Possible injection.
Test 4: $where injection (integer escape)
Possible injection.
Test 5: $where injection string escape (single record)
Possible injection.
Test 6: $where injection integer escape (single record)
Possible injection.
Test 7: This != injection (string escape)
Possible injection.
Test 8: This != injection (integer escape)
Possible injection.
Start timing based tests (y/n)? y
Starting Javascript string escape time based injection...
Traceback (most recent call last):
File "nosqlmap.py", line 469, in <module>
main()
File "nosqlmap.py", line 51, in main
mainMenu()
File "nosqlmap.py", line 112, in mainMenu
nsmweb.postApps(victim,webPort,uri,https,verb,postData,requestHeaders)
File "/Users/odinn/InfoSec/NoSQLMap/nsmweb.py", line 635, in postApps
conn = urllib2.urlopen(req,body)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1227, in http_open
return self.do_open(httplib.HTTPConnection, req)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1200, in do_open
r = h.getresponse(buffering=True)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 1132, in getresponse
response.begin()
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 453, in begin
version, status, reason = self._read_status()
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 417, in _read_status
raise BadStatusLine(line)
httplib.BadStatusLine: ''
NoSQLMap➜ NoSQLMap git:(stable) ✗
Just in case you need it as well: I set it up to run on 127.0.0.1 with port 49090 (this is the port that Docker exposes) and path "/" (the index is the page), with 2 POST params, and ran the attack on the first one.
Thanks.