cyberneticlibrary

Detect NoSQL injection and auth bypasses

hunt-nosqli skill setup L31,791
elementalsouls/Claude-BugHunter
What it does

Identify MongoDB, CouchDB, and JSON query language injection vulnerabilities

Best for

Extracting data from NoSQL services when parametrized queries are not used.

Inputs
  • NoSQL endpoint
  • Injection payload
  • Query parameter
Outputs
  • Query bypass payload
  • Data exfil proof
Requires
  • curl
  • Burp
  • mitmproxy
Preconditions
  • NoSQL database detected
  • Query construction point identified
Failure modes
  • Query syntax rejected
  • Operator filter in place
Trust signals
  • $ne operator bypass
  • Array merge injection