Javascript Injection Cheat Sheet



With the first online version of this cheat sheet.

Javascript Context – Code Injection with Escape Bypass: Use when input lands in a script block, inside a string delimited value but quotes are escaped by a backslash. '-alert(1)//

Javascript Context – Code Injection in Logical Block.

NoSQL injection vulnerabilities allow attackers to inject code into commands for databases that don’t use SQL queries, such as MongoDB. NoSQL injection attacks can be especially dangerous because code is injected and executed on the server in the language of the web application, potentially allowing arbitrary code execution. Let’s see how NoSQL injection differs from traditional SQL injection and what you can do to prevent it.

A Quick Introduction to NoSQL

Even if you don’t work with databases, you’ve probably heard of NoSQL among the cloud-related buzzwords of the past few years. NoSQL (a.k.a. “non-SQL” or “not only SQL”) is a general term covering databases that don’t use the SQL query language. In practice, it’s used to refer to non-relational databases that are growing in popularity as the back-end for distributed cloud platforms and web applications. Instead of storing data in tables, as with relational databases, NoSQL data stores use other data models that are better suited for specific purposes, such as documents, graphs, objects, and many others.


MongoDB, currently one of the most popular NoSQL database products, stores data as documents using a syntax similar to JSON (JavaScript Object Notation). Among other benefits, this allows developers to build full-stack applications using only JavaScript. We will use MongoDB queries to demonstrate how attackers can exploit unvalidated user input to inject code into a web application backed by a NoSQL database.

Why MongoDB Injection Is Possible

With traditional SQL injection, the attacker exploits unsafe user input processing to modify or replace SQL queries (or other SQL statements) that the application sends to a database engine. In other words, an SQL injection allows the attacker to execute commands in the database. Unlike relational databases, NoSQL databases don't use a common query language. NoSQL query syntax is product-specific and queries are written in the programming language of the application: PHP, JavaScript, Python, Java, and so on. This means that a successful injection lets the attacker execute commands not only in the database, but also in the application itself, which can be far more dangerous.

MongoDB uses the Binary JSON (BSON) data format and comes with a secure BSON query assembly tool. Queries are also represented as BSON objects (i.e. binary data), so direct string injection is not possible. However, MongoDB deliberately allows applications to run JavaScript on the server within the $where and mapReduce operations. The documentation is very clear that if this functionality is used, the developer should take care to prevent users from submitting malicious JavaScript. In other words, MongoDB deliberately includes a potential injection vector. So what can a malicious user do if the developer is not careful?

Simple MongoDB Injection in PHP

For a basic authentication bypass, the attacker can try to enter MongoDB operators in field values, for example $eq (equals), $ne (not equal to) or $gt (greater than). Here’s an unsafe way to build a database query in a PHP application, with the parameter values taken directly from a form:

If this query is then used to check login credentials, the attacker can abuse PHP’s built-in associative array processing to inject a MongoDB query that always returns true and bypass the authentication process. This may be as simple as sending the following POST request:

PHP will translate this into an array of arrays:

When sent as a MongoDB query to a user store, this will find all users where the user name and password are not equal to 1, which is highly likely to be true and may allow the attacker to bypass authentication.
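The bypass described above and the type check that stops it, as an added example that is not part of the original article. It is written in JavaScript rather than PHP; the in-memory `users` list, the `matches` helper and the function names are constructed stand-ins for a MongoDB collection and login handler, and the request body is built from the article's description.

```javascript
// Constructed user store standing in for a MongoDB collection.
// Plain-text passwords only keep the sketch short.
const users = [
  { username: "admin", password: "s3cret-admin" },
  { username: "alice", password: "correct horse" },
];

// Minimal stand-in for MongoDB matching: plain equality plus the $eq, $ne
// and $gt operators named in the article. Not a real driver.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond === null || typeof cond !== "object") return doc[field] === cond;
    return Object.entries(cond).every(([op, val]) => {
      if (op === "$eq") return doc[field] === val;
      if (op === "$ne") return doc[field] !== val;
      if (op === "$gt") return doc[field] > val;
      throw new Error("unsupported operator " + op);
    });
  });
}
const findOne = (filter) => users.find((u) => matches(u, filter)) || null;

// Vulnerable: whatever the body parser produced goes straight into the filter.
function loginUnsafe(body) {
  return findOne({ username: body.username, password: body.password });
}

// Hardened: credentials must be strings, and $eq pins them as values.
function loginSafe(body) {
  const { username, password } = body;
  if (typeof username !== "string" || typeof password !== "string") {
    return null; // reject arrays/objects before they reach the query
  }
  return findOne({ username: { $eq: username }, password: { $eq: password } });
}

// Constructed request body: the nested structure a bracket-aware form parser
// yields when both fields carry a $ne operator with value 1.
const injected = { username: { $ne: "1" }, password: { $ne: "1" } };
const honest = { username: "alice", password: "correct horse" };

console.log(loginUnsafe(injected)); // first stored user, no password known
console.log(loginSafe(injected));   // null
```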

JavaScript Injection in MongoDB

Let’s say we have a vulnerable application where the developer uses MongoDB’s $where query operator with unvalidated user inputs. This allows an attacker to inject malicious input containing JavaScript code. While the attacker can’t inject completely arbitrary JavaScript, only code that uses a limited set of functions, this is quite enough for a useful attack.


To query a MongoDB data store with the $where operator, you would normally use the find() function, for example:

This would match records with name Netsparker. A vulnerable PHP application might directly insert unsanitized user input when building the query, for example from the variable $userData:

The attacker might then inject an exploit string like 'a'; sleep(5000) into $userData to have the server pause for 5 seconds if the injection was successful. The query executed by the server would be:

Because queries are written in the application language, this is just one of the many types of injection possible. For example, if Node.js is used for server-side scripting, as in the popular MEAN stack (MongoDB, ExpressJS, AngularJS, and Node.js), server-side JavaScript injection into Node.js may be possible.

Preventing NoSQL Injection Attacks

The consequences of a successful MongoDB injection or other NoSQL injection attack can be even more serious than with traditional SQL injection. Attackers can not only extract data from the database, but also execute code in the context of the application, for example to perform denial of service attacks or even compromise admin user accounts and take control of the server. Such attacks are especially dangerous since NoSQL data stores are often a novelty to developers familiar only with relational database products, which increases the risk of insecure code.

Many popular NoSQL products are still young and under intense development, so it’s always a good idea to use the most recent version. For example, earlier versions of MongoDB were notoriously insecure on many levels and had serious injection vulnerabilities, while in more recent versions, security is taken much more seriously.

As is often the case in web application security, the best way to prevent NoSQL injection attacks is to avoid using unsanitized user inputs in application code, especially when building database queries. MongoDB, for example, has built-in features for secure query building without JavaScript. If you do need to use JavaScript in queries, follow the usual best practices: validate and encode all user inputs, apply the rule of least privilege, and know your language to avoid using vulnerable constructs. For more advice, see the OWASP page on testing for NoSQL injection.
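One way to apply this advice to the $where case described earlier, as an added example that is not the article's code. The `name` field and the input string follow the article; the exact `$where` expression, `buildWhereUnsafe`, `buildNameFilter` and the `findServerSideJs` audit helper are assumptions made for illustration.

```javascript
// Pattern the article describes: user input concatenated into the JavaScript
// that $where runs on the server (the exact expression is assumed here).
function buildWhereUnsafe(userData) {
  return { $where: "this.name == " + userData };
}

// Data-only alternative: the input is a value compared with $eq, never code.
function buildNameFilter(userData) {
  if (typeof userData !== "string") throw new TypeError("name must be a string");
  return { name: { $eq: userData } };
}

// Hypothetical audit helper: walk a filter and return the path of every
// $where key, so code review or a pre-query hook can refuse the filter.
function findServerSideJs(filter, path = "") {
  if (filter === null || typeof filter !== "object") return [];
  const hits = [];
  for (const [key, value] of Object.entries(filter)) {
    const here = path ? path + "." + key : key;
    if (key === "$where") hits.push(here);
    hits.push(...findServerSideJs(value, here)); // also descends into arrays
  }
  return hits;
}

// Constructed input: the string quoted in the article.
const userData = "'a'; sleep(5000)";
const unsafe = buildWhereUnsafe(userData);
const safe = buildNameFilter(userData);

console.log(unsafe.$where);            // input has become part of the code
console.log(findServerSideJs(unsafe)); // [ '$where' ]
console.log(safe, findServerSideJs(safe)); // inert string value, no findings
```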

A quick reference to JavaScript.

Created on: 2019-09-30

Tag: cheat_sheet

Warning

Anytime

under heavy construction and not well organized

to get the last char of the string:

(source: https://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_slice6)

to merge two JSON objects:

OR:

(source: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for..in)

output:

(source: https://www.howtogeek.com/251807/how-to-enable-pasting-text-on-sites-that-block-it/)


(source: http://nathangiesbrecht.com/check-all-checkboxes-chrome-javascript)

(author: Sk Imtiaz Ahmed, source: https://www.facebook.com/groups/desperatelyseekingbracu/permalink/2235744283319547/?comment_id=2235785336648775&comment_tracking=%7B%22tn%22%3A%22R%22%7D)

Type the first part of the URL, then press Shift+Delete

(source: https://productforums.google.com/forum/#!msg/chrome/i8HqLSSePLo/C0C_otXyB90J)

document.body.contentEditable=true

Find events associated with an element in the DOM:

getEventListeners($('selector'))

(source: https://medium.freecodecamp.com/10-tips-to-maximize-your-javascript-debugging-experience-b69a75859329#.b6w50oyma)

run when the password manager is open from the chrome console (hit f12 to access the console) in frame settings (passwords):

~alogsinb

to go back to previous page:

source: https://stackoverflow.com/a/34178688/5350059

to check a button by class name:

source: https://stackoverflow.com/questions/25587762/javascript-click-on-element-by-class

to auto-fill user name and pass from bookmark:

source: IppSec Bitlab Youtube Video

to sleep for millisecond:


source: https://stackoverflow.com/a/39914235/5350059

to highlight all links on a webpage:

make a bookmark with:


source: https://superuser.com/a/296578