nosqlinjection_wordlists

This repository contains payloads to test for NoSQL injections.

What's this repo?

This repo aims to contain wordlists with payloads for NoSQL Injections.

Support this project

Support this project (to solve issues, add new features...) by using the GitHub "Sponsor" button.

What does it currently contain?

It currently contains only MongoDB payloads.

Can I contribute?

Of course! Your contributions are welcome. Send me a pull request.

References

Here are some references that I found useful:

  • https://arxiv.org/pdf/1506.04082.pdf
  • https://pentesterlab.com/exercises/web_for_pentester_II/course
  • https://ckarande.gitbooks.io/owasp-nodegoat-tutorial/content/tutorial/a1_-_sql_and_nosql_injection.html
  • https://www.defcon.org/images/defcon-21/dc-21-presentations/Chow/DEFCON-21-Chow-Abusing-NoSQL-Databases.pdf
  • https://www.imperva.com/blog/nosql-ssji-authentication-bypass/ (a PHP NoSQL authentication bypass)
  • https://gitlab.com/pentest-tools/PayloadsAllTheThings/tree/master/NoSQL%20Injection#authentication-bypass