NoSQL Injection

Description

A NoSQL injection occurs when a value originating from the client's request is used within a NoSQL call without prior sanitisation. This can allow cyber-criminals to execute arbitrary NoSQL code and thus steal data, or use the additional functionality of the database server to take control of further server components. The scanner discovered that the affected page and parameter are vulnerable. This injection was detected because the scanner was able to discover known error messages within the server's response.
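The missing sanitisation step described above, shown as an added example (not part of the original page or of any Tenable product): a MongoDB-style filter built from a parsed JSON body, first unsafely and then with a type check. The field names, the 256-character limit and the sample bodies are assumptions constructed for illustration.

```javascript
// Added example. Field names (username, resetToken) are hypothetical.

// Vulnerable: request values go into the filter as-is. If the client sends an
// object instead of a string, the database treats it as a query operator.
function buildFilterUnsafe(body) {
  return { username: body.username, resetToken: body.resetToken };
}

// True if a value (at any depth) has a key the query engine treats specially:
// "$"-prefixed operators or dotted paths.
function hasOperatorKey(value) {
  if (value === null || typeof value !== 'object') return false;
  return Object.entries(value).some(
    ([key, child]) => key.startsWith('$') || key.includes('.') || hasOperatorKey(child)
  );
}

// Hardened: accept only bounded strings, so the filter is always a plain
// equality match on literal values.
function buildFilterSafe(body) {
  const filter = {};
  for (const field of ['username', 'resetToken']) {
    const value = body[field];
    if (typeof value !== 'string' || value.length === 0 || value.length > 256) {
      throw new TypeError(`${field} must be a non-empty string`);
    }
    filter[field] = value;
  }
  return filter;
}

// Constructed sample bodies, as a JSON body parser would deliver them.
const normalBody = JSON.parse('{"username":"alice","resetToken":"a1b2c3"}');
const operatorBody = JSON.parse('{"username":"alice","resetToken":{"$ne":null}}');

function demo() {
  let rejected = false;
  try { buildFilterSafe(operatorBody); } catch (e) { rejected = e instanceof TypeError; }
  return {
    unsafeCarriesOperator: hasOperatorKey(buildFilterUnsafe(operatorBody)), // true
    safeRejectsOperator: rejected,                                          // true
    safeNormal: buildFilterSafe(normalBody),
  };
}
```

The `hasOperatorKey` check can also run as a logging or alerting hook on incoming request bodies, independent of the type check.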

Products, Sensors, and Dependencies

Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes
Tenable Web App Scanning | | Web Applications | Authenticated Scan | HTTP/HTTPS | NoSQL Injection | Plugin ID: 98116

References

NoSQL Injection

Attack Path Technique Details

Framework: OWASP

Family: Injection

Technique: NoSQL Injection

Sub-Technique: NoSQL Injection

Platform: Web Application

Products Required: Tenable Web App Scanning

Tenable Release Date: 2022 Q2