Open jitendra-90 opened 1 month ago
Please provide more details of the alert.
Bellow is the description of alert while we are not using MongoDb in our application High Alert --> NoSQL Injection - MongoDB Description --> MongoDB query injection may be possible. Attack --> cloud-shape-dark.png[$ne] Other Info --> In some PHP or NodeJS based back end implementations, in order to obtain sensitive data it is possible to inject the "[$ne]" string (or other similar ones) that is processed as an associative array
How can I try this to attack by Zap Tool
That is not enough information for us to work with. We will need the full alert details, including the relevant request and response. Feel free to obfuscate any sensitive information.
I am attaching alert screenshot, please have a look
Describe the bug
"NoSQL Injection - MongoDB" high alert showing in report but we are not using mongoDB
Steps to reproduce the behavior
"NoSQL Injection - MongoDB" high alert showing in report but we are not using mongoDB
Expected behavior
"NoSQL Injection - MongoDB" high alert showing in report but we are not using mongoDB
Software versions
2.14.0
Screenshots
No response
Errors from the zap.log file
No response
Additional context
No response
Would you like to help fix this issue?