Detections
Analytics
NoSQL Injection Authentication Bypass
Description
A NoSQL injection occurs when a value originating from the client's request is used within a NoSQL call without prior sanitisation.
This can allow cyber-criminals to execute arbitrary NoSQL code and thus steal data, or use the additional functionality of the database server to take control of further server components.
Scanner discovered that the affected page and parameter are vulnerable. This injection was detected as scanner was able to discover known error messages within the server's response.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable.io-WAS | Web Applications | Authenticated Scan | HTTP/HTTPS | NoSQL Injection | Plugin ID: 113337 |
References
Attack Path Technique Details
Framework: OWASP
Family: Injection
Technique: NoSQL Injection
Sub-Technique: NoSQL Injection Authentication Bypass
Platform: Web Application
Products Required: Tenable.io-WAS
Tenable Release Date: 2022 Q2