An application to demo NoSQL Injection attack on MongoDB
- Java 6+
- MongoDB
- Maven 3
- Make sure your mongoDB server is up and running. If MongoDB requires authentication, please make corresponding changes to
NoSQLDatabase.java - Execute maven goal
mvn jetty:run. This will start jetty server. By default it will reload changes (if any) every one second. - Visit http://localhost:8080. And try following searches
RobbRobb', 'address':'KingslayerRobb', $where: 'function(){print("Testing"); return this.name == "Robb"}'})Robb', $where: 'function(){sleep(5000); return this.name == "Robb"}'})Robb', name:{$ne:'Robb'}, address:'Kingslayer