
ircashem/mongodb_nosql_injection


mongodb_nosql_injection

Blind NoSQL injection leads to username/password enumeration in MongoDB using the $regex and $ne operators.

This Python script can enumerate all available usernames and passwords from a MongoDB database using NoSQL injection.

Exploit Title: Blind Nosql injection leads to username/password enumeration in MongoDB using $(regex) and $(ne)

Author: Rahul Kumar

GitHub: https://github.com/ircashem

Blog: https://ircashem.github.io

How to run:

Usage:

nosql_inject_user_pass_mongodb.py [-h] [-u URL] [-e Parameter 2 enumerate]

Example:

python nosql_inject_user_pass_mongodb.py -u http://example.com/index.php -e username
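
For defenders, an added example that is not part of this repository's script: a Python check that scans URL-encoded request parameters for the $regex and $ne operators named above and counts such requests per client, since blind enumeration has to issue many of them. It assumes the application framework turns bracketed parameter names of the form field[$op] into nested objects, as PHP does; the sample records, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Matches a parameter name of the form field[$op], which PHP and similar
# frameworks parse into a nested object that reaches the MongoDB query.
OPERATOR_KEY = re.compile(r"^(?P<field>[^\[\]]+)\[(?P<op>\$[a-zA-Z]+)\]$")
WATCHED_OPS = {"$regex", "$ne"}  # the operators named in this README

# Constructed sample records: (client address, URL-encoded request body).
SAMPLE_REQUESTS = [
    ("198.51.100.7", "username=alice&password=correct-horse"),
    ("203.0.113.9", "username%5B%24regex%5D=PLACEHOLDER&password%5B%24ne%5D=PLACEHOLDER"),
    ("203.0.113.9", "username%5B%24regex%5D=PLACEHOLDER&password%5B%24ne%5D=PLACEHOLDER"),
    ("203.0.113.9", "username[$ne]=PLACEHOLDER&password[$ne]=PLACEHOLDER"),
    ("198.51.100.7", "username=bob&password=a%24b"),  # '$' in a value only
]


def operator_params(body):
    """Return sorted (field, operator) pairs found in parameter names."""
    hits = set()
    for key, _value in parse_qsl(body, keep_blank_values=True):
        match = OPERATOR_KEY.match(key)
        if match and match.group("op") in WATCHED_OPS:
            hits.add((match.group("field"), match.group("op")))
    return sorted(hits)


def flag_clients(requests, threshold=2):
    """Count operator-bearing requests per client; keep those >= threshold."""
    counts = Counter()
    for client, body in requests:
        if operator_params(body):
            counts[client] += 1
    return {client: n for client, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for client, n in flag_clients(SAMPLE_REQUESTS).items():
        print(f"{client}: {n} requests with MongoDB operators in parameter names")
```

The same check on parameter names can run server-side before the query is built, rejecting any credential field that arrives as an object instead of a string.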
