Update docs with NoSQL example

francoatmega · Aug 23, 2017 · 92395da · 92395da
1 parent e8f5726
commit 92395da
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/app/views/tutorial/a1.html b/app/views/tutorial/a1.html
@@ -237,6 +237,7 @@ <h5>2. NoSQL Injection</h5>
                             <code>true</code>.</p>
                         <p>The same results can be achieved using other comparison operator such as
                             <code>$ne</code>.</p>
+                        <p>The demo application is vulnerable to the NoSQL Injection. For example, on the Allocations page, running a search with a malicious input `1'; return 1 == '1` retrieves allocations for all the users in the database.</p>
                     </div>
                 </div>