Skip to content
This repository has been archived by the owner on May 3, 2024. It is now read-only.
/ Papaya Public archive

NoSQL Injection Tool to bypass login forms & extract usernames/passwords using regular expressions.

Notifications You must be signed in to change notification settings

eversinc33/Papaya

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Papaya

screenshot

Papaya is a tool to test if a MongoDB/NoSQL-based web application is vulnerable to a basic nosql injection on POST login forms, including tests for password and username extraction.

The attack works by injecting nosql's $regex and $eq operators on passwords and usernames.

Usage

python3 papaya.py TARGET_URL
  • test for vulnerability
  • if application is vulnerable, search for a string that is unique in the positive response and set it as the identifier
  • choose an attack

Dependencies

pip install -r requirements.txt

About

NoSQL Injection Tool to bypass login forms & extract usernames/passwords using regular expressions.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages