search

codingo / NoSQLMap

Automated NoSQL database enumeration and web application exploitation tool.
GNU General Public License v3.0
2.88k stars 577 forks source link

[HELP] how to set POST parameter #119

Closed symant233 closed 3 years ago

symant233 commented 3 years ago

What's the problem (or question)?

I want set the POST parameter for 3-NoSQL Web App attacks, but I got List of parameters: empty.

i.g. I want to POST { "id": "123" } to the API, 

Select an option: 6
1-Send request as a GET
2-Send request as a POST
Select an option: 2
POST request set
Enter POST data in a comma separated list (i.e. param name 1,value1,param name 2,value2)
'id','123'

But it cannot match param I set.

Select an option: 3
Web App Attacks (POST)
===============
Checking to see if site at 127.0.0.1:3000/inject is up...
App is up!
List of parameters:
Which parameter should we inject? id
Traceback (most recent call last):
  File "nosqlmap.py", line 544, in <module>
    main(args)
  File "nosqlmap.py", line 47, in main
    mainMenu()
  File "nosqlmap.py", line 103, in mainMenu
    nsmweb.postApps(victim,webPort,uri,https,verb,postData,requestHeaders)
  File "/home/symant/NoSQLMap/nsmweb.py", line 466, in postApps
    injOpt = str(postData.keys()[int(injIndex)-1])
ValueError: invalid literal for int() with base 10: 'id'

Thank you for your help!

symant233 commented 3 years ago

Works when I passed two params...