Forum Discussion

anusha21's avatar
anusha21
Occasional Contributor
7 years ago

Security testing with NoSQL injections

HI all,

 

I am trying to do NoSQL injections as part of my security testing because we are using MongoDB ,

 

Would you help me on this how to do NoSQL Injections,

I tried below but seeing empty request and empty response in my custom Script

 

1. I add "Add Scan" and verified Parameters and noticed by default request as created as Parameter of type Request --> i ran my request and i am seeing valid requets and response 

Json request iam seeing as follows

{
"permissionName": "SecurityPName1",
"scopeObjectId": "SecuritySOID1",
"userId": "SecurityUID1"
}

 

And also i am saw valid response

 

2.  But this time i removed Parameter request and added as same as in my attachment 1

But i see no request and no response  (not sure why)

 

What i really wan to do is inject NoSQL to my request to do this i thought i can use custom script and add My parameter  values through the script (parameter names are actually taken from above jason script)

-->not sure whther this is possible or not, i looked at SOAPUI help documents but i couldn't figure-out the solution so please give me step by step solution using above json

 

Thanks

Anusha