an0nlk / Nosql-MongoDB-injection-username-password-enumeration

Using this script, you can enumerate usernames and passwords of web applications vulnerable to NoSQL (MongoDB) injection.


NoSQL injection username and password enumeration script

Using this script, we can enumerate usernames and passwords of web applications vulnerable to NoSQL (MongoDB) injection.

Exploit Title: NoSQL injection username/password enumeration.
Author: Kalana Sankalpa (Anon LK).
Website: https://blogofkalana.wordpress.com/2019/11/14/nosql-injection-username-and-password-enumeration/

How to run

Usage

nosqli-user-pass-enum.py [-h] [-u URL] [-up parameter] [-pp parameter] [-op parameters] [-ep parameter] [-sc character] [-m Method]

Example

python nosqli-user-pass-enum.py -u http://example.com/index.php -up username -pp password -ep username -op login:login,submit:submit

Arguments

Arguments        Description
-h, --h          show this help message and exit
-u URL           Form submission URL. Eg: http://example.com/index.php
-up parameter    Parameter name of the username. Eg: username, user
-pp parameter    Parameter name of the password. Eg: password, pass
-op parameters   Other parameters with their values. Separate each parameter with a comma (,). Eg: login:Login, submit:Submit
-ep parameter    Parameter that needs to be enumerated. Eg: username, password
-m Method        Method of the form. Eg: GET/POST
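
For defenders, as an added example that is not part of this repository: the check below flags login submissions whose username or password parameter arrives as a bracketed MongoDB operator key (for example `username[$ne]`) instead of a plain string, and lists clients that send several of them. The field names, the threshold and the sample requests are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# PHP-style bracketed key carrying a MongoDB query operator: field[$op]
OPERATOR_KEY = re.compile(r"^(?P<field>[^\[\]]+)\[(?P<op>\$[A-Za-z]+)\]$")
LOGIN_FIELDS = {"username", "password"}  # assumed form field names


def operator_params(body):
    """Return (field, operator) pairs found in a URL-encoded form body."""
    hits = []
    # parse_qsl percent-decodes keys, so %5B%24ne%5D becomes [$ne]
    for key, _value in parse_qsl(body, keep_blank_values=True):
        match = OPERATOR_KEY.match(key)
        if match and match.group("field") in LOGIN_FIELDS:
            hits.append((match.group("field"), match.group("op")))
    return hits


def flag_clients(requests, threshold=3):
    """Return clients with at least `threshold` operator-bearing submissions.

    `requests` is an iterable of (client_ip, form_body) pairs.
    """
    counts = Counter()
    for client_ip, body in requests:
        if operator_params(body):
            counts[client_ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


# Constructed sample requests (documentation IP ranges, placeholder values)
SAMPLE = [
    ("198.51.100.7", "username=alice&password=correct+horse&login=login"),
    ("198.51.100.7", "filter%5Bname%5D=bob&login=login"),  # brackets, no operator
    ("203.0.113.9", "username%5B%24regex%5D=x1&password%5B%24ne%5D=x&login=login"),
    ("203.0.113.9", "username%5B%24regex%5D=x2&password%5B%24ne%5D=x&login=login"),
    ("203.0.113.9", "username%5B%24regex%5D=x3&password%5B%24ne%5D=x&login=login"),
]

if __name__ == "__main__":
    for ip in flag_clients(SAMPLE):
        print("operator-keyed login parameters from", ip)
```

The same key test can run as input validation in the login handler itself, rejecting any request where a login field is not a plain string before it reaches the database query.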



Languages

Language:Python 100.0%