
NoSQL

Thomas Green Nov 28, 2014 11:04AM UTC

Does Burp Suite or any of its add-ons support checks for NoSQL databases?


Liam Tai-Hogan Nov 28, 2014 11:05AM UTC Support Center agent

Hi Thomas

Thanks for your message. The latest version of Burp Suite Pro does check for server-side JavaScript injection.

Please let us know if you need any further assistance.


C Chigurupati Apr 06, 2016 07:24PM UTC
Hi Liam,

Would like to resurrect this question. I think the issue here is different. Let's say that the client-side JavaScript is constructing NoSQL queries against popular NoSQL products such as MongoDB, Cassandra, ElasticSearch, etc. Now, a malware author can inject bad code by modifying such NoSQL queries just like the way SQL injection is done. Of course, the non-standard NoSQL query constructs make it a problem with a large surface area. Any info on detecting NoSQL attacks is appreciated.

Thx
C Chigurupati

Dafydd Stuttard Apr 08, 2016 12:22PM UTC Support Center agent

If NoSQL queries are submitted by the client to the server where they are executed, then Burp’s checks for server-side JS injection should detect this vulnerability.
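For the case discussed in this thread, where query objects built by client-side JavaScript are sent to the server, one server-side control is to rebuild each submitted filter from an allowlist before it reaches the database. This is an added example, not part of the original posts and not Burp Suite code; it assumes MongoDB-style filter syntax, and the allowlists and function names are hypothetical.

```javascript
// Added example: server-side validation of a client-submitted MongoDB-style filter.
// ALLOWED_FIELDS and ALLOWED_OPS are hypothetical; adapt them to the application's schema.
const ALLOWED_FIELDS = new Set(["name", "status", "age"]);
const ALLOWED_OPS = new Set(["$eq", "$gt", "$gte", "$lt", "$lte", "$in"]);

function isScalar(v) {
  return v === null || ["string", "number", "boolean"].includes(typeof v);
}

// Returns a rebuilt filter holding only vetted fields, operators and scalar values.
// Throws on anything else, including $where, which runs JavaScript inside the database.
function validateFilter(input) {
  if (typeof input !== "object" || input === null || Array.isArray(input)) {
    throw new Error("filter must be a plain object");
  }
  const clean = {};
  for (const [field, cond] of Object.entries(input)) {
    if (!ALLOWED_FIELDS.has(field)) throw new Error(`field not allowed: ${field}`);
    if (isScalar(cond)) {
      clean[field] = { $eq: cond }; // force a literal comparison
      continue;
    }
    if (typeof cond !== "object" || Array.isArray(cond)) throw new Error(`bad condition for ${field}`);
    const ops = {};
    for (const [op, val] of Object.entries(cond)) {
      if (!ALLOWED_OPS.has(op)) throw new Error(`operator not allowed: ${op}`);
      const ok = op === "$in" ? Array.isArray(val) && val.every(isScalar) : isScalar(val);
      if (!ok) throw new Error(`bad value for ${op}`);
      ops[op] = val;
    }
    clean[field] = ops;
  }
  return clean;
}

// Constructed sample request bodies (not taken from the thread).
const samples = [
  '{"status":"active","age":{"$gte":18}}',
  '{"$where":"this.age > 18"}',
  '{"name":{"$ne":null}}',
];

// Parses and validates one JSON body; never passes the raw object through.
function check(json) {
  try { return { ok: true, filter: validateFilter(JSON.parse(json)) }; }
  catch (e) { return { ok: false, reason: e.message }; }
}

for (const s of samples) console.log(s, "=>", JSON.stringify(check(s)));
```

Rejections from a validator like this are also worth logging, since operator keys in a field that should hold a plain value indicate a tampered query.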

