MongoDB NoSQL注入
我正在将MongoDB 4.2和Express> 4一起使用。
我正在尝试使用node.js执行NoSQL注入。这是具有用户名和密码的表单的。ejs代码:
<body>
<form action="/login_db/login_db" method="POST" >
<input placeholder="name" name="name"> </br>
<input placeholder="password" name="password"> </br>
<input type="submit" value="submit" id="submit">
</form>
</body>
我有一个本地MongoDB数据库,该数据库具有允许通过数据库访问的用户。这是。js代码:
const MongoClient = require("mongodb").MongoClient;
const ObjectID = require('mongodb').ObjectID;
const dbname = "mydb";
const url = "mongodb://localhost:27017";
const mongoOptions = {useNewUrlParser : true};
const state = {
db : null
};
const connect = (cb) =>{
if(state.db)
cb();
else{
MongoClient.connect(url,mongoOptions,(err,client)=>{
if(err)
cb(err);
else{
state.db = client.db(dbname);
cb();
}
});
}
}
const getPrimaryKey = (_id)=>{
return ObjectID(_id);
}
const getDB = ()=>{
return state.db;
}
module.exports = {getDB,connect,getPrimaryKey};
这是。js login_db-route.js:
"use strict"
const router = require('express').Router();
const db = require("../db");
const mongoose = require('mongoose');
const passport = require('passport');
const express = require('express');
const collection = "amministrazione";
const app = express()
const path = require('path');
var bodyParser = require('body-parser')
router.get('/login_db', function(req,res){
console.log('login request');
var cursor = db.getDB().collection(collection).find().toArray(function(err, results) {
res.render('login_db.ejs', {quotes: results, user: req.user});
});
});
router.post('/login_db', function (req, res) {
console.log('login post request');
var name = req.body.name;
var password = req.body.password;
db.getDB().collection(collection).findOne({"name" : name, "password" : password}, (err, result) =>{
if(result == null || result.length == 0){
console.log('user not found '+ err);
return res.render('login_db.ejs',{user: req.user});
}
console.log('User found' + result);
db.getDB().collection(collection).find().toArray((err, result)=>{
if(err) return console.log(err)
res.render('book.ejs', {quotes:result,user: req.user, flag: true});
})
})
});
module.exports = router;
我编写的代码容易受到nosql注入的攻击,但是当我尝试将MongoDB有效负载插入表单时,例如:
{ $gt : "a" }
{ $gt : "a" }
我无法成功登录。问题出在哪儿?有没有办法不考虑“吗?
感谢任何帮助过我的人。
回答如下:这是您的代码。
var name = req.body.name;
var password = req.body.password;
db.getDB().collection(collection).findOne({"name" : name, "password" : password});
如果传递这些参数,则mongodb查询将是这样。
db.getDB().collection(collection).findOne({"name" : "{ $gt : \"a\" }", "password" : "{ $gt : \"a\" }"});
如果您想将这些参数作为查询而不是字符串进行传递,则可以添加一些这样的代码。
var name = req.body.name;
var password = req.body.password;
try {
name = JSON.parse(name);
} catch (e){}
try {
password = JSON.parse(password);
} catch (e){}
db.getDB().collection(collection).findOne({"name" : name, "password" : password });
MongoDB NoSQL注入
我正在将MongoDB 4.2和Express> 4一起使用。
我正在尝试使用node.js执行NoSQL注入。这是具有用户名和密码的表单的。ejs代码:
<body>
<form action="/login_db/login_db" method="POST" >
<input placeholder="name" name="name"> </br>
<input placeholder="password" name="password"> </br>
<input type="submit" value="submit" id="submit">
</form>
</body>
我有一个本地MongoDB数据库,该数据库具有允许通过数据库访问的用户。这是。js代码:
const MongoClient = require("mongodb").MongoClient;
const ObjectID = require('mongodb').ObjectID;
const dbname = "mydb";
const url = "mongodb://localhost:27017";
const mongoOptions = {useNewUrlParser : true};
const state = {
db : null
};
const connect = (cb) =>{
if(state.db)
cb();
else{
MongoClient.connect(url,mongoOptions,(err,client)=>{
if(err)
cb(err);
else{
state.db = client.db(dbname);
cb();
}
});
}
}
const getPrimaryKey = (_id)=>{
return ObjectID(_id);
}
const getDB = ()=>{
return state.db;
}
module.exports = {getDB,connect,getPrimaryKey};
这是。js login_db-route.js:
"use strict"
const router = require('express').Router();
const db = require("../db");
const mongoose = require('mongoose');
const passport = require('passport');
const express = require('express');
const collection = "amministrazione";
const app = express()
const path = require('path');
var bodyParser = require('body-parser')
router.get('/login_db', function(req,res){
console.log('login request');
var cursor = db.getDB().collection(collection).find().toArray(function(err, results) {
res.render('login_db.ejs', {quotes: results, user: req.user});
});
});
router.post('/login_db', function (req, res) {
console.log('login post request');
var name = req.body.name;
var password = req.body.password;
db.getDB().collection(collection).findOne({"name" : name, "password" : password}, (err, result) =>{
if(result == null || result.length == 0){
console.log('user not found '+ err);
return res.render('login_db.ejs',{user: req.user});
}
console.log('User found' + result);
db.getDB().collection(collection).find().toArray((err, result)=>{
if(err) return console.log(err)
res.render('book.ejs', {quotes:result,user: req.user, flag: true});
})
})
});
module.exports = router;
我编写的代码容易受到nosql注入的攻击,但是当我尝试将MongoDB有效负载插入表单时,例如:
{ $gt : "a" }
{ $gt : "a" }
我无法成功登录。问题出在哪儿?有没有办法不考虑“吗?
感谢任何帮助过我的人。
回答如下:这是您的代码。
var name = req.body.name;
var password = req.body.password;
db.getDB().collection(collection).findOne({"name" : name, "password" : password});
如果传递这些参数,则mongodb查询将是这样。
db.getDB().collection(collection).findOne({"name" : "{ $gt : \"a\" }", "password" : "{ $gt : \"a\" }"});
如果您想将这些参数作为查询而不是字符串进行传递,则可以添加一些这样的代码。
var name = req.body.name;
var password = req.body.password;
try {
name = JSON.parse(name);
} catch (e){}
try {
password = JSON.parse(password);
} catch (e){}
db.getDB().collection(collection).findOne({"name" : name, "password" : password });