Here is what I tried. I downloaded the MEANBug application (https://github.com/dbohannon/MEANBug) to try out NoSQLMap.
Configured as below, and the tool crashed while running an injection run on one of the POST parameters.
```
[NoSQLMap ASCII-art banner] v0.7 codingo@protonmail.com
1-Set options
2-NoSQL DB Access Attacks
3-NoSQL Web App attacks
4-Scan for Anonymous MongoDB Access
5-Change Platform (Current: MongoDB)
x-Exit
Select an option: 3
Web App Attacks (POST)
Checking to see if site at localhost:9000/login is up...
App is up! Got response length of 993 and response time of 0.0 seconds. Starting injection test.
List of parameters:
1-user
2-pass
Which parameter should we inject? 2
Injecting the pass parameter...
Baseline test-Enter random string size: 3
What format should the random string take?
1-Alphanumeric
2-Letters only
3-Numbers only
4-Email address
Select an option: 1
Using OxQ for injection testing.
Checking random injected parameter HTTP response size sending {'user': 'admin', 'pass': 'OxQ'}...
Got response length of 993.
No change in response size injecting a random parameter..
Testing Mongo PHP not equals associative array injection using {'pass[$ne]': 'OxQ', 'user': 'admin'}...
Random string response size and not equals injection were the same. Injection did not work.
Testing PHP/ExpressJS >Undefined Injection using {'pass[$gt]': '', 'user': 'admin'}...
Random string response size and not equals injection were the same. Injection did not work.
Testing Mongo <2.4 $where all Javascript string escape attack for all records...
Injecting {'pass[$gt]': '', 'user': 'admin', 'pass': "a'; return db.a.find(); var dummy='!"}
Traceback (most recent call last):
  File "/usr/local/bin/nosqlmap.py", line 4, in <module>
    __import__('pkg_resources').run_script('NoSQLMap==0.7', 'nosqlmap.py')
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 742, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1510, in run_script
    exec(script_code, namespace, namespace)
  File "/usr/local/lib/python2.7/dist-packages/NoSQLMap-0.7-py2.7.egg/EGG-INFO/scripts/nosqlmap.py", line 457, in <module>
  File "/usr/local/lib/python2.7/dist-packages/NoSQLMap-0.7-py2.7.egg/EGG-INFO/scripts/nosqlmap.py", line 41, in main
  File "/usr/local/lib/python2.7/dist-packages/NoSQLMap-0.7-py2.7.egg/EGG-INFO/scripts/nosqlmap.py", line 97, in mainMenu
  File "/usr/local/lib/python2.7/dist-packages/NoSQLMap-0.7-py2.7.egg/EGG-INFO/scripts/nsmweb.py", line 529, in postApps
  File "/usr/local/lib/python2.7/dist-packages/NoSQLMap-0.7-py2.7.egg/EGG-INFO/scripts/nsmweb.py", line 358, in getResponseBodyHandlingErrors
  File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 429, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 447, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 407, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1228, in http_open
    return self.do_open(httplib.HTTPConnection, req)
  File "/usr/lib/python2.7/urllib2.py", line 1201, in do_open
    r = h.getresponse(buffering=True)
  File "/usr/lib/python2.7/httplib.py", line 1121, in getresponse
    response.begin()
  File "/usr/lib/python2.7/httplib.py", line 438, in begin
    version, status, reason = self._read_status()
  File "/usr/lib/python2.7/httplib.py", line 402, in _read_status
    raise BadStatusLine(line)
httplib.BadStatusLine: ''
root@kali:~/NoSQLMap#
```
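The traceback above ends in `httplib.BadStatusLine: ''`, which is what Python raises when the peer closes the connection before sending any status line. As an added example (not NoSQLMap's code, and written for Python 3, where the equivalents are `http.client` and `urllib.request`), the block below reproduces that condition against a constructed local server and shows a request helper that reports it instead of crashing; `start_silent_server`, `post_length` and `demo` are hypothetical names, and the form values are constructed.

```python
import http.client
import socket
import threading
import urllib.error
import urllib.parse
import urllib.request


def start_silent_server():
    """Constructed stand-in for a backend that dies mid-request: it drains
    the request, then closes the socket without sending a status line."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            conn.settimeout(0.3)
            try:
                while conn.recv(65536):  # drain headers and body
                    pass
            except socket.timeout:
                pass
            conn.close()  # clean close, zero response bytes

    threading.Thread(target=serve, daemon=True).start()
    return srv, "http://127.0.0.1:%d/login" % srv.getsockname()[1]


def post_length(url, fields, timeout=5):
    """POST form fields and return (body_length, error_text)."""
    data = urllib.parse.urlencode(fields).encode()
    try:
        with urllib.request.urlopen(url, data, timeout) as resp:
            return len(resp.read()), None
    except urllib.error.HTTPError as exc:  # 4xx/5xx still carries a body
        return len(exc.read()), "HTTP %d" % exc.code
    except http.client.HTTPException as exc:  # BadStatusLine and subclasses
        return None, "no valid HTTP response: %s" % type(exc).__name__
    except OSError as exc:  # URLError, reset, refused, timeout
        return None, "connection failed: %s" % exc


def demo():
    srv, url = start_silent_server()
    try:
        return post_length(url, {"user": "admin", "pass": "constructed"})
    finally:
        srv.close()
```

`urlopen()` wraps only errors raised while sending the request in `URLError`; exceptions raised while reading the response, such as `BadStatusLine`, propagate unwrapped, so a handler that catches only `URLError` misses them.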