Web Application Penetration Testing

directly into the MongoDB query without sanitization.

db.myCollection.find( { active: true, $where: function() { return
obj.credits - obj.debits < $userInput; } } );

As with testing other types of injection, one does not need to fully
exploit the vulnerability to demonstrate a problem. By injecting
special characters relevant to the target API language, and observing
the results, a tester can determine if the application correctly
sanitized the input. For example, within MongoDB, if a string
containing any of the following special characters were passed
unsanitized, it would trigger a database error.

' " \ ; { }
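
As an added example (not code from the guide), the sketch below puts the concatenated `$where` pattern shown above beside a filter that validates the value as a number and uses MongoDB's `$expr`, `$lt` and `$subtract` operators instead of server-side JavaScript. The function names, the accepted numeric format, the sample value `100` and the use of the local JavaScript parser as a stand-in for the database error are assumptions.

```javascript
// The six characters the page lists as error-triggering when passed unsanitized.
const PROBE_CHARS = ["'", '"', '\\', ';', '{', '}'];

// Pattern from the page: user input concatenated into the $where JavaScript.
function buildWhereFilter(userInput) {
  return {
    active: true,
    $where: 'function() { return obj.credits - obj.debits < ' + userInput + '; }',
  };
}

// Hardened form (assumed design): accept only a plain decimal string, then express
// the comparison with query operators so no server-side JavaScript is built at all.
function buildSafeFilter(userInput) {
  if (typeof userInput !== 'string' || !/^-?\d{1,12}(\.\d{1,4})?$/.test(userInput)) {
    throw new TypeError('threshold must be a decimal number');
  }
  return {
    active: true,
    $expr: { $lt: [{ $subtract: ['$credits', '$debits'] }, Number(userInput)] },
  };
}

// Stand-in for the database error: does the interpolated source still parse?
// new Function only compiles the text here; the returned function is never called.
function whereSourceParses(filter) {
  try {
    new Function('return (' + filter.$where + ')');
    return true;
  } catch (err) {
    return false;
  }
}

// Append each probe character to a constructed base value and record both outcomes.
function probeReport(base) {
  return PROBE_CHARS.map((ch) => {
    const input = base + ch;
    let hardened = 'accepted';
    try { buildSafeFilter(input); } catch (err) { hardened = 'rejected'; }
    return { input, whereParses: whereSourceParses(buildWhereFilter(input)), hardened };
  });
}

console.table(probeReport('100')); // '100' is a constructed sample value
```

In this template the hardened builder rejects all six probes, while `100;` still parses in the concatenated form, so the absence of an error for one character does not by itself show that the input was sanitized.
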

With normal SQL injection, a similar vulnerability would allow an
attacker to execute arbitrary SQL commands - exposing or manipulating
data at will. However, because JavaScript is a fully featured
language, not only does this allow an attacker to manipulate data,
but also to run arbitrary code. For example, instead of just causing
an error when testing, a full exploit would use the special characters
to craft valid JavaScript.

This input 0;var date=new Date(); do{curDate = new Date();}
while(curDate-date