NOSQL Injection

Similar to SQL depenedent applications, NoSQL applications can also be subjected to injection based attacks. In order to be able to exploit the database, you should first be able to do successful recon to identify the type of NoSQL database that backs the applications. This is important since the syntax of the attack depends highly on this information.

Once this piece of information is available, then the injection can be crafted for various purposes such as further enumeration, bypass authentication, code execution, etc.