View Attack Vector

General Information

Mongo NoSQL Injection 2014 Variant

Variants:
Direct Persistent Session

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Input Validation, Syntax Escaping, Database Access

Invented In:
02/09/2014

Added In:
28/11/2014

Vector Operation Method:
Malicious inputs can affect the structure of code used to access mongo-db databases

Direct Variant:

Mongo NoSQL Injection

Variant Title:
Mongo NoSQL Injection

Typical Severity:
Major

Resources:

White Papers:

Paper I

Learn More:

Persistent Variant:

Stored Mongo NoSQL Injection

Also Known As:
Persistent Mongo NoSQL Injection

Typical Severity:
Major

Resources:

White Papers:

Learn More:

Session Variant:

Mongo NoSQL Injection via Session Puzzling

Also Known As:
Session Mongo NoSQL Injection

Typical Severity:
Critical

Resources:

White Papers:

Learn More: