TCP 27017: MongoDB
MongoDB is a source-available cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with optional schemas. MongoDB is developed by MongoDB Inc. and licensed under the Server Side Public License.
-- Wikipedia
Terms
Collections are like tables
Documents are like rows
Fields are like columns
Common operators
$eq
$ne
$gt
$where
$exists
$regex
Basic commands
Show databases
show databases
Select database
use <database>
Create database
use <database>
Create collection
db.createCollection("<collection>")
Show collections
db.getCollectionNames()
Create document
db.<collection>.insert(<json>)
Query collection
db.<collection>.find()
Update document
db.<collection>.update(<where-json>, { $set: <update-json> })
Delete document
db.<collection>.remove(<where-json>)
NoSQL injection
Via JSON
Send e.g. { "$ne": "whatever" } as the password value to bypass login logic: the operator matches any stored password that is not equal to the given string.
Via requests
Inject $ne in a GET param, e.g. ?username[$ne]=name, to invert the logic: the condition then matches every username except the one given.
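Both bypasses above are the same defect: an object from the request reaches the query filter where a string was expected. The following is an added example, not part of the original page; the user record, the helper names and the small in-memory matcher standing in for MongoDB are all constructed. It shows the vulnerable filter construction next to a version that rejects non-string input.

```javascript
// Added example. All names and data are constructed for illustration.
// The password is stored in plaintext only to keep the example short.
const users = [{ username: "alice", password: "constructed-secret" }];

// Tiny stand-in for MongoDB filter matching: literal equality plus $eq / $ne.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond === null || typeof cond !== "object") return doc[field] === cond;
    return Object.entries(cond).every(([op, val]) => {
      if (op === "$eq") return doc[field] === val;
      if (op === "$ne") return doc[field] !== val;
      throw new Error("operator not modelled: " + op);
    });
  });
}

const findOne = (filter) => users.find((u) => matches(u, filter)) || null;

// Vulnerable: request values are placed in the filter as-is, so an object
// such as { "$ne": "whatever" } is interpreted as a query operator.
function loginUnsafe(input) {
  return findOne({ username: input.username, password: input.password });
}

// Hardened: only plain strings may reach the filter; anything else is rejected.
function requireString(value, name) {
  if (typeof value !== "string") throw new TypeError(name + " must be a string");
  return value;
}

function loginSafe(input) {
  return findOne({
    username: requireString(input.username, "username"),
    password: requireString(input.password, "password"),
  });
}

// Constructed inputs: a JSON body, and the object a qs-style parser
// produces for ?username[$ne]=name (same shape, different transport).
const jsonBody = { username: "alice", password: { $ne: "whatever" } };
const parsedQuery = { username: { $ne: "name" }, password: "constructed-secret" };

// True when loginSafe refuses the input with a TypeError.
function rejected(input) {
  try { loginSafe(input); return false; } catch (e) { return e instanceof TypeError; }
}
```

The same type check belongs on every request field that ends up in a filter, whether it arrives as JSON or as a bracketed query parameter.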