How does it handle blind injection scenarios?

It utilizes boolean-based blind injection techniques, specifically using the $regex operator to extract data character-by-character based on application responses.

Does this require specific security tools?

While it provides manual curl-based workflows, it also integrates with professional tools like NoSQLMap, Burp Suite, and nosqli for comprehensive testing.

What databases are supported by this skill?

The skill primarily targets NoSQL databases like MongoDB, CouchDB, and Cassandra, focusing on query operator and JavaScript injection vulnerabilities.

Can this skill help with vulnerability remediation?

Yes, it provides clear remediation guidance such as using parameterized queries, implementing strict input type validation, and disabling server-side JavaScript execution.

NoSQL Injection Security Testing

Name: NoSQL Injection Security Testing
Author: mukul975

bymukul975

•

4,121

•

セキュリティとテスト

Identifies and exploits NoSQL injection vulnerabilities in web applications to assess database security and authentication resilience.

This skill empowers developers and security professionals to conduct deep-dive assessments of NoSQL databases like MongoDB and CouchDB. It provides structured workflows for identifying JSON-based injection points, performing authentication bypasses using operator injection, and executing sophisticated blind data extraction. By guiding users through both manual payload crafting and automated scanning tools like NoSQLMap, it helps uncover critical risks such as server-side JavaScript execution and unauthorized data access in modern API-driven applications.

主な機能

01JavaScript injection testing through the $where operator

024,121 GitHub stars

03Authentication bypass techniques using $ne, $gt, and $exists operators

04Blind data extraction via character-by-character regex injection

05Detection of JSON and URL-based NoSQL injection points

06Automated vulnerability scanning integration with NoSQLMap

ユースケース

01Security code reviews to ensure proper database query sanitization

02Bug bounty hunting to identify unauthorized data access and privilege escalation

03Penetration testing of MongoDB-backed web applications and JSON APIs

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills exploiting-nosql-injection-vulnerabilities

For use in Claude.ai and ChatGPT

主な機能

01JavaScript injection testing through the $where operator

024,121 GitHub stars

03Authentication bypass techniques using $ne, $gt, and $exists operators

04Blind data extraction via character-by-character regex injection

05Detection of JSON and URL-based NoSQL injection points

06Automated vulnerability scanning integration with NoSQLMap

ユースケース

01Security code reviews to ensure proper database query sanitization

02Bug bounty hunting to identify unauthorized data access and privilege escalation

03Penetration testing of MongoDB-backed web applications and JSON APIs

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills exploiting-nosql-injection-vulnerabilities

For use in Claude.ai and ChatGPT