Mongodb is vulnerable to SQL injection in PHP at least
来源:互联网 发布:决策树算法原理 编辑:程序博客网 时间:2024/06/14 13:57
refer uri: http://www.idontplaydarts.com/2010/07/mongodb-is-vulnerable-to-sql-injection-in-php-at-least/
Its a common misconception that as MongoDB does not use SQL it is not vulnerable to SQL injection attacks. PHP uses objects rather than SQL to pass queries to the MongoDB server; for example the following script selects an item form MongoDB where the username equals ‘bob’ and the password equals ‘password’.
"username" => $_GET['username'],
"passwd" => $_GET['passwd']
));
This is equivalent to the SQL syntax
WHERE username=" . $_GET['username'] . ",
AND passwd=" . $_GET['passwd'])
In a normal SQL injection attack we can replace either of the two input parameters with a string such that the SQL query always returns true. e.g.
That wont work with MongoDB; however if we can pass in an object to the PHP MongoDB driver we could alter the query in a similar fashion. Luckily PHP provides us with a way to pass objects as GET or POST parameters:
This creates the MongoDB query
"username" => "admin",
"passwd" => array("$ne" => 1)
));
Which is the equivalent to the following SQL statement which, unless the password is “1″ will always return true.
WHERE username="admin",
AND passwd!=1
The solution is to ensure your variables are properly typed before they are passed into the MongoDB driver. The following code is not vulnerable to MongoDB injection:
"username" => (string)$_GET['username'],
"passwd" => (string)$_GET['passwd']
));
- Mongodb is vulnerable to SQL injection in PHP at least
- "maximum open file descriptors" is set to at least 65536
- What’s the Right Way to Prevent SQL Injection in PHP Scripts?
- In-Memory Computing Is Big Data's Best Friend, at Least for Some Enterprises
- Sql injection in DB2
- web.xml 中报错:Start state is missing. Add at least one state to the flow
- Start state is missing. Add at least one state to the flow
- [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
- Specified value of MEMORY_TARGET is too small, needs to be at least 3072M解决办法
- max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
- How can I prevent SQL-injection in PHP?
- This file requires _WIN32_WINNT to be #defined at least to XXX1. Value XXX1 or higher is recomme
- This file requires _WIN32_WINNT to be #defined at least to 0x0403. Value 0x0501 or higher is recomme
- error : This file requires _WIN32_WINNT to be #defined at least to 0x0403. Value 0x0501 or higher is
- This file requires _WIN32_WINNT to be #defined at least to 0x0403. Value 0x0501 or higher is recomme
- At least one valid code-source or import-shared-library element is required for shared-library "global.libraries" in /embedded-
- Primary Defenses to SQL Injection
- Error: At least one module has an unresolved import due to a missing export function in an implicitl
- Oracle卸载
- 为你的输入框或者搜索框提供语音输入功能(超酷超装逼超折腾的功能)
- HTTP中Get和Post方式的区别
- memset用法详解
- automake 之 helloworld 实例[转]
- Mongodb is vulnerable to SQL injection in PHP at least
- memcmp,memicmp函数
- GCD介绍(三): Dispatch Sources
- oracle添加用户,赋权,修改密码,解锁,删除
- memcpy,memccpy,memmove函数
- 获取系统时间和AMPM
- 存储过程中“ 警告: 聚合或其他 SET 操作消除了 Null 值” 导致错误的解决
- errno.h
- 我的java思想003:如何在窗口中画出图形