W-NOSQLICollection

NoSQL Injection (MongoDB)

{"$ne": null} / {"$gt": ""} operator injection bypasses login or extracts data field by field.

§ Where this technique fits

W-NOSQLI is catalogued under the Collection tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

NoSQL injection → auth bypass → admin
Login endpoint passes user-supplied JSON into a MongoDB query. Send {"$ne": null} to bypass the password check.
step 2 / 5

§ What commonly comes next

01
Exfiltration Over C2 Channel
T1041 · Exfiltration
seen 1×
02
Valid Accounts
T1078 · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

NoSQL injection → auth bypass → admin

§ What commonly comes next