In this tutorial, we will see how we can perform NoSQL (MongoDB) injection in Extreme Vulnerable Node Application (XVNA). In normal SQL injection, there are a few special characters we can use to find the vulnerability, and the same is true for NoSQL.
Most of the time the developer does not send the stack trace back to the client, so it is a kind of blind injection.
In SQL injection, we generally use a single quote (') to check for injection, followed by a few other steps to confirm it.
In NoSql we use and few other.
Watch this video to see how we did the NoSQL injection in Extreme Vulnerable Node Application (XVNA).
Extreme Vulnerable Node Application is available on GitHub at https://github.com/vegabird/xvna; you can download it and test it on your localhost.
To prevent the injection, we need to sanitize or validate any input that could reach the query.
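One way to do that validation in a Node handler, as an added example that is not taken from XVNA's code: it accepts only plain strings for the login fields and flags any nested key that MongoDB would read as an operator. The field names `username` and `password`, the 128-character limit, the `$op` placeholder key and the sample bodies are assumptions made for the illustration.

```javascript
// Added example (not XVNA code). Assumes the request body was parsed from JSON,
// so a field can arrive as an object or array instead of a string.

// MongoDB reads keys starting with "$" as operators and "." as a path
// separator, so neither belongs in keys taken from a request.
function hasOperatorKey(value) {
  if (value === null || typeof value !== "object") return false;
  if (Array.isArray(value)) return value.some(hasOperatorKey);
  return Object.keys(value).some(
    (k) => k.startsWith("$") || k.includes(".") || hasOperatorKey(value[k])
  );
}

// Returns an object holding only validated plain strings; throws otherwise.
// Field names and the length limit are assumptions for this example.
function validateLoginBody(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    throw new TypeError("body must be an object");
  }
  const clean = {};
  for (const field of ["username", "password"]) {
    const v = body[field];
    if (typeof v !== "string" || v.length === 0 || v.length > 128) {
      throw new TypeError(field + " must be a non-empty string");
    }
    clean[field] = v;
  }
  return clean;
}

// Wrapper so a handler can answer 400 instead of letting the error propagate.
function tryValidate(body) {
  try {
    return { ok: true, value: validateLoginBody(body) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Constructed sample bodies; "$op" is a placeholder, not a real operator.
const samples = [
  { username: "alice", password: "s3cret" },
  { username: "alice", password: { $op: "x" } },
];
for (const s of samples) console.log(JSON.stringify(s), "->", tryValidate(s).ok);
```

The type check is what protects a login query; `hasOperatorKey` is for routes that legitimately accept nested documents and still need to keep operator keys out of them.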