Types of Injection
There are two types of NoSQL injection
Syntax Injection
Here we can break out of the query being executed and inject our own malicious payload
Operator Injection
We can inject a NoSQL query operator to manipulate the query's behavior.
Injection in NoSQL is different than SQLi in a sense that here structured arrays are used as queries unlike in SQL where strings were used. Hence to inject custom payloads we will have to inject arrays.
Last updated