You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What potential is there for NoSQL injection in LiteDB?
Obviously it's not SQL so traditional SQL injection isn't possible, but NoSQL injection is a similar concept. This apparently can often be by syntax injection such as injecting payloads to affect the syntax (cause a delete during a get query, or dump an entire unrelated collection, for example), or operator injection to use known operators in a query param to manipulate the query. Also injections that generate errors that can reveal information useful to a hacker or create a denial of service.
Is there any document or statement on NoSQL injection in LiteDB, and where there is potential what filters we should use on user inputs?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
What potential is there for NoSQL injection in LiteDB?
Obviously it's not SQL so traditional SQL injection isn't possible, but NoSQL injection is a similar concept. This apparently can often be by syntax injection such as injecting payloads to affect the syntax (cause a delete during a get query, or dump an entire unrelated collection, for example), or operator injection to use known operators in a query param to manipulate the query. Also injections that generate errors that can reveal information useful to a hacker or create a denial of service.
Is there any document or statement on NoSQL injection in LiteDB, and where there is potential what filters we should use on user inputs?
Beta Was this translation helpful? Give feedback.
All reactions