Nosql-MongoDB-injection-username-password-enumeration icon indicating copy to clipboard operation
Nosql-MongoDB-injection-username-password-enumeration copied to clipboard

Published 20 hours ago verified publisher icon an0nlk

Metadata

Using this script, you can enumerate Usernames and passwords of Nosql(mongodb) injecion vulnerable web applications.

Nosql injection username and password enumeration script

Using this script, we can enumerate Usernames and passwords of Nosql(mongodb) injecion vulnerable web applications.

Exploit Title: Nosql injection username/password enumeration.
Author: Kalana Sankalpa (Anon LK).
Website: https://blogofkalana.wordpress.com/2019/11/14/nosql-injection-username-and-password-enumeration/

How to run

Usage

nosqli-user-pass-enum.py [-h] [-u URL] [-up parameter] [-pp parameter] [-op parameters] [-ep parameter] [-sc character] [-m Method]

Example

python nosqli-user-pass-enum.py -u http://example.com/index.php -up username -pp password -ep username -op login:login,submit:submit

Arguments

Arguments Description
-h, --h show this help message and exit
-u URL Form submission url. Eg: http://example.com/index.php
-up parameter Parameter name of the username. Eg: username, user
-pp parameter Parameter name of the password. Eg: password, pass
-op parameters Other paramters with the values. Separate each parameter with a comma(,).
Eg: login:Login, submit:Submit
-ep parameter Parameter that need to enumarate. Eg: username, password
-m Method Method of the form. Eg: GET/POST

alt test

alt test

alt test

Metadata

163
Stars
36
Forks
Watchers

Owner

verified publisher icon an0nlk

Metadata

Using this script, you can enumerate Usernames and passwords of Nosql(mongodb) injecion vulnerable web applications.

Back