Create a test that tries to hack the database by exposing information you do not have access to
Create a suite of "hack attempts" that try to break the system
Write code until they get fixed.
Test exposure more, at deeper levels, try to hack it.
Try to hack the aggregate pipeline. Analyze the code first.
Hacking ideas:
```js
users: {
  $filters: { $or: [{ _id: { $exists: true } }] }, // see if it bypasses our filters
  comments: {
    // check if sublinks of any kind can be filter bypassed
    // this means one, many, one-meta, many-meta, resolver.
    $filters: { $or: [{ _id: { $exists: true } }] },
  }
}

users: {
  $limit: -1, // see what that does
  comments: {
    $options: { sort: [some-hack-to-the-pipeline], limit: [same] },
    $filters: { $not: { userId: null } }
    // also try to bypass via other logical operators: $or, $nor, $not, $and
  }
}
```
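An added example, not part of the original issue or the project's code: one way a server could rebuild such a request body so that client `$filters`, `$limit` and `$options` cannot displace its own access rules at any link depth. The helper names, the operator allow-list, the limit cap and the per-link rules are all assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical, not the project's API.
const ALLOWED_OPS = new Set(['$and', '$or', '$nor', '$not', '$exists', '$eq', '$ne', '$in']);
const MAX_LIMIT = 100; // assumed server-side cap

// Walk a client filter (objects and arrays) and reject operators outside the allow-list.
function assertSafeFilter(value) {
  if (value === null || typeof value !== 'object') return;
  for (const [key, inner] of Object.entries(value)) {
    if (key.startsWith('$') && !ALLOWED_OPS.has(key)) {
      throw new Error(`operator not allowed: ${key}`);
    }
    assertSafeFilter(inner);
  }
}

// Non-integer, zero or negative limits fall back to the cap.
function clampLimit(limit) {
  return Number.isInteger(limit) && limit > 0 ? Math.min(limit, MAX_LIMIT) : MAX_LIMIT;
}

// Accept only { field: 1 | -1 } sort specs; every other entry is dropped.
function safeSort(sort) {
  if (sort === null || typeof sort !== 'object' || Array.isArray(sort)) return {};
  const ok = ([field, dir]) => !field.startsWith('$') && (dir === 1 || dir === -1);
  return Object.fromEntries(Object.entries(sort).filter(ok));
}

// Rebuild one node of the request body, then recurse into its links.
function secureNode(name, body, rules) {
  if (!Object.prototype.hasOwnProperty.call(rules, name)) {
    throw new Error(`no access rule for: ${name}`);
  }
  const { $filters = {}, $options = {}, $limit, ...rest } = body;
  assertSafeFilter($filters);
  const node = {
    // $and keeps the server's filter in force whatever the client sends.
    filters: { $and: [rules[name], $filters] },
    limit: clampLimit($options.limit ?? $limit),
    sort: safeSort($options.sort),
    links: {},
  };
  for (const [link, child] of Object.entries(rest)) {
    if (child !== null && typeof child === 'object') {
      node.links[link] = secureNode(link, child, rules);
    }
  }
  return node;
}

// Constructed sample: rules for a user "u1" and a request modelled on the ideas above.
const RULES = { users: { _id: 'u1' }, comments: { userId: 'u1' } };
const REQUEST = {
  $filters: { $or: [{ _id: { $exists: true } }] },
  $limit: -1,
  comments: { $options: { sort: { $natural: 1 }, limit: 5 }, $filters: { $nor: [{ userId: null }] } },
};
const SECURED = secureNode('users', REQUEST, RULES);
```

A regression suite can then assert, for every link type, that the server rule is always the first member of the `$and` and that unknown links or operators throw.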