Before we move on to MongoDB injections, we must understand what MongoDB actually is and why it is preferred over other databases. Because MongoDB does not use SQL, people assumed it is not vulnerable to any kind of injection attack. But believe me, no system is born with security built in; we have to implement some logic in order to prevent attacks.
What is MongoDB?
In short, MongoDB is an open-source database developed by MongoDB Inc. that stores data in JSON-like documents whose structure can vary from document to document. Related information is stored together for fast query access through the MongoDB query language.
Why use MongoDB?
MongoDB is popular largely because everyone wants quick query results, and it gives very high performance (1000 million queries/sec). Another reason is that it excels in many use cases where relational databases are not a good fit: for example, applications with unstructured, semi-structured and polymorphic data, as well as applications with large scalability requirements or multi-data-center deployments.
Oops! It dumped the entire database for us. Can you figure out what went wrong? This happened because the input http://localhost/mongo/show.php?u_id[$ne]=2 created the following MongoDB query.
$qry = array('id' => array('$ne' => 2));
PHP parses the query string u_id[$ne]=2 as an array, so the attacker's value is passed straight into the filter as the $ne (not equal) operator. Accordingly, it displayed all the results except id=2, which can be seen in snapshot 1.
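To make the root cause concrete, here is an added example (not the original post's show.php) with the vulnerable lookup beside a hardened one. It assumes the mongodb/mongodb library and a collection named "users" whose documents carry an integer "id" field; both names are assumptions.

```php
<?php
// Added example, not the original post's code. Assumes the mongodb/mongodb
// library and a collection "users" with an integer "id" field.
require 'vendor/autoload.php';

$collection = (new MongoDB\Client('mongodb://localhost:27017'))
    ->selectCollection('mongo', 'users');

// Vulnerable: PHP turns "?u_id[$ne]=2" into array('$ne' => 2), so the
// request value becomes a query operator document instead of a literal id,
// and find() returns every document whose id is not 2.
function showUserVulnerable($collection, $u_id)
{
    $qry = array('id' => $u_id);
    return $collection->find($qry)->toArray();
}

// Hardened: refuse anything that is not a scalar (arrays come from the
// u_id[...] syntax), validate it as an integer, and pass a real int so the
// filter is always array('id' => <int>) and can never carry an operator.
function showUserHardened($collection, $u_id)
{
    if (!is_scalar($u_id)) {
        throw new InvalidArgumentException('u_id must be a single value');
    }
    $id = filter_var($u_id, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('u_id must be an integer');
    }
    $qry = array('id' => $id);
    return $collection->findOne($qry);
}

try {
    $doc = showUserHardened($collection, $_GET['u_id'] ?? null);
    var_dump($doc);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'invalid id';
}
```

With this check in place, a request for show.php?u_id[$ne]=2 is answered with a 400 instead of a dump, while show.php?u_id=2 still returns the single matching document.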
Let's consider another case where the script does the same work as before, but this time we'll build the MongoDB query with the findOne method.
We'll first take a quick look at how the findOne method works. This method has the following syntax:
It returns the document that satisfies the specified query criteria. For example, if we need to find the result associated with id=2, the following command will be fired.
MongoDB security – Injection attacks with PHP