Security testing with NoSQL injections
HI all,
I am trying to do NoSQL injections as part of my security testing because we are using MongoDB ,
Would you help me on this how to do NoSQL Injections,
I tried below but seeing empty request and empty response in my custom Script
1. I add "Add Scan" and verified Parameters and noticed by default request as created as Parameter of type Request --> i ran my request and i am seeing valid requets and response
Json request iam seeing as follows
{
"permissionName": "SecurityPName1",
"scopeObjectId": "SecuritySOID1",
"userId": "SecurityUID1"
}
And also i am saw valid response
2. But this time i removed Parameter request and added as same as in my attachment 1
But i see no request and no response (not sure why)
What i really wan to do is inject NoSQL to my request to do this i thought i can use custom script and add My parameter values through the script (parameter names are actually taken from above jason script)
-->not sure whther this is possible or not, i looked at SOAPUI help documents but i couldn't figure-out the solution so please give me step by step solution using above json
Thanks
Anusha