Collaborate Disseminate
I’m testing the following /event/insert API endpoint which I believe may be vulnerable to a MongoDB injection. Specifically, I’m concerned about any/all injections that would overwrite or delete records in my Mongo location_history collect… Continue reading Is this vulnerable to a nosql injection?
Explore the key differences between relational and NoSQL cloud databases, their pros and cons, and the top database choices. Continue reading Relational vs NoSQL Cloud Databases
In an intentionally vulnerable lab used for studying noSQL injection, the specific case of $where is the topic of this question:
code:
let username = req.query.username;
query = { $where: `this.username == ‘${username}’` }
User.find(query,… Continue reading nosql injection with $where [closed]
Osquery is a great open standard for collecting data from endpoints, using SQL syntax.
Kusto is a new Microsoft language for collecting data from Windows endpoints, using syntax which is almost–but not entirely–unlike SQL.
Microsoft is p… Continue reading Kusto to Osquery translator?
Is it possible to extract other collections that exists in the database?
Let’s say I have 2 collections in the database, they are:
1.users
2.posts
Also we assume the users collection is vulnerable to NoSQLi. In an SQL Injection attack we … Continue reading MongoDB NoSQL Injection extract collections
We are developing a application in Dotnet MVC with mongodb as a database.
We use below mentioned query in order fetch the data from the database.
Controller code:
[Get("getmsg")]
Public HttpResponseMessage GetMsg(int id = "… Continue reading Possible no sql injection?
CockroachDB’s success is not guaranteed. It has to overcome significant hurdles to secure a profitable place among well-established database technologies owned by companies with very deep pockets. Continue reading Scaling CockroachDB in the red ocean of relational databases
Couchbase could double its valuation provided that investors are more interested in its faster-than-Red Hat growth than they are worried about its history of cash consumption and growing net losses. Continue reading What does Red Hat’s sale to IBM tell us about Couchbase’s valuation?
Meroxa, a startup that makes it easier for businesses to build the data pipelines to power both their analytics and operational workflows, today announced that it has raised a $15 million Series A funding round led by Drive Capital. Existing investors Root, Amplify and Hustle Fund also participated in this round, which together with the […] Continue reading Meroxa raises $15M Series A for its real-time data platform
At its Ignite conference today, Microsoft announced the launch of Azure Managed Instance for Apache Cassandra, its latest NoSQL database offering and a competitor to Cassandra-centric companies like Datastax. Microsoft describes the new service as a ‘semi-managed offering that will help companies bring more of their Cassandra-based workloads into its cloud. “Customers can easily take […] Continue reading Microsoft Azure expands its NoSQL portfolio with Managed Instances for Apache Cassandra