Skip to content

Using this script, you can enumerate Usernames and passwords of Nosql(mongodb) injecion vulnerable web applications.

Notifications You must be signed in to change notification settings

an0nlk/Nosql-MongoDB-injection-username-password-enumeration

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 

Repository files navigation

Nosql injection username and password enumeration script

Using this script, we can enumerate Usernames and passwords of Nosql(mongodb) injecion vulnerable web applications.

Exploit Title: Nosql injection username/password enumeration.
Author: Kalana Sankalpa (Anon LK).
Website: https://blogofkalana.wordpress.com/2019/11/14/nosql-injection-username-and-password-enumeration/

How to run

Usage

nosqli-user-pass-enum.py [-h] [-u URL] [-up parameter] [-pp parameter] [-op parameters] [-ep parameter] [-sc character] [-m Method]

Example

python nosqli-user-pass-enum.py -u http://example.com/index.php -up username -pp password -ep username -op login:login,submit:submit

Arguments

Arguments Description
-h, --h show this help message and exit
-u URL Form submission url. Eg: http://example.com/index.php
-up parameter Parameter name of the username. Eg: username, user
-pp parameter Parameter name of the password. Eg: password, pass
-op parameters Other paramters with the values. Separate each parameter with a comma(,).
Eg: login:Login, submit:Submit
-ep parameter Parameter that need to enumarate. Eg: username, password
-m Method Method of the form. Eg: GET/POST

alt test

alt test

alt test

About

Using this script, you can enumerate Usernames and passwords of Nosql(mongodb) injecion vulnerable web applications.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages