Portswigger - NoSQL injection - Lab #2 Exploiting NoSQL operator injection to bypass authentication скачать в хорошем качестве

Portswigger - NoSQL injection - Lab #2 Exploiting NoSQL operator injection to bypass authentication

Hello Hackers, in this video of Exploiting NoSQL operator injection to bypass authentication you will see how to exploit and discover NoSQL injection vulnerabilities in a lab from Web Security Academy powered by Portswigger ⚠️ Subscribe to my channel ➡️ @popo_hack ⚠️ 0:00 - About the Lab 1:52 - Exploit NoSQL injection input 3:36 - Use $ne operator to bypss the password field 5:26 - Use $in operator to bypss the username field 6:28 - Use $nin operator to bypss the username field 6:52 - Use $regrex operator to bypss the username field 🔍 About the Lab Lab: Exploiting NoSQL operator injection to bypass authentication Level: Apprentice This lab has a login functionality for this lab is powered by a MongoDB NoSQL database. It is vulnerable to NoSQL injection using MongoDB operators.application to display unreleased products. To solve the lab, log into the application as the administrator user. 🔗 Resources MongoDB operators documentation: https://www.mongodb.com/docs/manual/r... ✅ What to do ? 1. In Burp's browser, log in to the application using the credentials wiener:peter. 2. In Burp, go to "Proxy" than "HTTP history". Right-click the POST /login request and select Send to Repeater. 3. In Repeater, test the username and password parameters to determine whether they allow you to inject MongoDB operators: 3.1. Change the value of the username parameter from "wiener" to {"$ne":""}, then send the request. Notice that this enables you to log in. 3.2. Change the value of the username parameter from {"$ne":""} to {"$regex":"wien.*"}, then send the request. Notice that you can also log in when using the $regex operator. 3.3. With the username parameter set to {"$ne":""}, change the value of the password parameter from "peter" to {"$ne":""}, then send the request again. Notice that this causes the query to return an unexpected number of records. This indicates that more than one user has been selected. 4. With the password parameter set as {"$ne":""}, change the value of the username parameter to {"$regex":"admin.*"}, then send the request again. Notice that this successfully logs you in as the admin user. 5. Right-click the response, then select Show response in browser. Copy the URL. 6. Paste the URL into Burp's browser to log in as the administrator user. The lab is solved. Thank you for watching my video, if you have any questions or any topics recommendation feel free to write them on the comment below 🙋 #WebSecurityAcademy #portswigger #nosql #vulnerability