Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
While normal SQLi is quite popular, NoSQL injection is starting to become more of an issue.
In this case, an unsanitized parameter was being put into a query. This query could be dynamically altered by adding NoSQL operators to the parameter.
Although the injection is blind, it was discovered via source code analysis.