NoSQLi Lab
With the rise in popularity of NoSQL I figured it was time to build a lab so I could have a play with the different techniques used to attack them. This lab was the result.
Seeing as I've already played with Redis for some development work I decided to
go with MongoDB here. I have built two different scenarios in this lab, an
equivalent of the SQLi " or 1=1"
vulnerability and also a new type of attack,
which is specific to NoSQL, script injection. I might add more later but these
were good for a start.
For more information see the full write up on my site: