"NoSQL Injection - MongoDB" high alert showing in report but we are not using mongoDB

[jitendra-90]

Describe the bug

"NoSQL Injection - MongoDB" high alert showing in report but we are not using mongoDB

Steps to reproduce the behavior

"NoSQL Injection - MongoDB" high alert showing in report but we are not using mongoDB

Expected behavior

"NoSQL Injection - MongoDB" high alert showing in report but we are not using mongoDB

Software versions

2.14.0

Screenshots

No response

Errors from the zap.log file

No response

Additional context

No response

Would you like to help fix this issue?

• Yes

[thc202]

Please provide more details of the alert.

[jitendra-90]

Bellow is the description of alert while we are not using MongoDb in our application
High Alert --> NoSQL Injection - MongoDB
Description --> MongoDB query injection may be possible.
Attack --> cloud-shape-dark.png[$ne]
Other Info --> In some PHP or NodeJS based back end implementations, in order to obtain sensitive data
it is possible to inject the "[$ne]" string (or other similar ones) that is processed as an
associative array

[jitendra-90]

How can I try this to attack by Zap Tool

[psiinon]

That is not enough information for us to work with.
We will need the full alert details, including the relevant request and response.
Feel free to obfuscate any sensitive information.

[jitendra-90]

I am attaching alert screenshot, please have a look