NoSQL Injection Authentication Bypass

high Web App Scanning Plugin ID 113337

Synopsis

NoSQL Injection Authentication Bypass

Description

A NoSQL injection occurs when a value originating from the client's request is used within a NoSQL call without prior sanitisation.

This can allow cyber-criminals to execute arbitrary NoSQL code and thus steal data, or use the additional functionality of the database server to take control of further server components.

The scanner discovered that the affected page and parameter are vulnerable. The injection was detected because the scanner was able to find known error messages in the server's response.

Solution

The most effective remediation against NoSQL injection attacks is to ensure that NoSQL API calls are not constructed via string concatenation that includes unsanitized data.
Sanitization is best achieved using existing escaping libraries.
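
The remediation above, as an added example (not part of the original plugin text and not Tenable's code): a login filter assembled by string concatenation, next to a version that builds the filter as data and accepts only plain strings. It assumes a MongoDB-style filter object and a JSON login body; the field names `username` and `password` and all function names are hypothetical.

```javascript
// Added example (not Tenable's code). Assumes a MongoDB-style filter object and
// a JSON login body with the hypothetical fields "username" and "password".

// BEFORE: the filter is assembled by string concatenation, so quotes or braces
// in the input change the structure of the query that gets parsed.
function buildFilterUnsafe(username) {
  return JSON.parse('{"username": "' + username + '"}');
}

// Accept only a bounded, non-empty string; objects and arrays (which a JSON
// body can carry in place of a string) are rejected before reaching the driver.
function requireString(value, field, maxLen = 256) {
  if (typeof value !== 'string' || value.length === 0 || value.length > maxLen) {
    throw new TypeError(`${field} must be a non-empty string of at most ${maxLen} chars`);
  }
  return value;
}

// AFTER: the filter is built as data, never as text, and $eq pins the value
// to a literal comparison. The password is not part of the query; it is
// checked against the stored hash in application code after the lookup.
function buildUserLookup(body) {
  const username = requireString(body && body.username, 'username');
  requireString(body && body.password, 'password', 1024);
  return { username: { $eq: username } };
}

// Constructed sample inputs, as JSON.parse of a request body would deliver them.
const samples = [
  { username: 'alice', password: 'correct horse' },          // well-formed
  { username: { $placeholderOperator: 1 }, password: 'x' },  // object instead of string
  { username: 'alice', password: ['a', 'b'] },               // array instead of string
];

// Returns the filter for acceptable input, or the rejection reason otherwise.
function classify(body) {
  try {
    return { ok: true, filter: buildUserLookup(body) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

for (const s of samples) console.log(JSON.stringify(classify(s)));
```

Rejected requests should be answered with a generic 400 response instead of the driver's error text, since the plugin detects the issue through known error messages in the response.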

See Also

https://www.owasp.org/index.php/Testing_for_NoSQL_injection

Plugin Details

Severity: High

ID: 113337

Type: remote

Family: Injection

Published: 9/6/2022

Updated: 6/5/2024

Scan Template: api, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 6.2

CVSS v2

Risk Factor: High

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:P

CVSS Score Source: Tenable

CVSS v3

Risk Factor: High

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CVSS Score Source: Tenable

CVSS v4

Risk Factor: High

Base Score: 7.2

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L

CVSS Score Source: Tenable

Reference Information

CWE: 89

OWASP: 2010-A1, 2013-A1, 2017-A1, 2021-A3

WASC: SQL Injection

CAPEC: 108, 109, 110, 470, 66, 7

DISA STIG: APSC-DV-002540

HIPAA: 164.306(a)(1), 164.306(a)(2)

ISO: 27001-A.14.2.5

NIST: sp800_53-SI-10

OWASP API: 2019-API8

OWASP ASVS: 4.0.2-5.3.4

PCI-DSS: 3.2-6.5.1