JavaScript (server-side) injection vulnerabilities are not limited. NoSQL database engines that process JavaScript containing user-specified parameters can also be vulnerable.  For example, MongoDB supports the use of JavaScript  functions for query specifications etc. Since MongoDB databases do not have strictly defined database schemas, using JavaScript for query syntax allows developers to write complex queries against disparate  document structures. For example,we have a MongoDB collection that contains some documents representing books, some documents representing movies, and some documents representing music albums.  This JavaScript query function  will select all the documents in the specified collection that were either written, filmed, or recorded in the specified time:

function()

{

var search_time = input_value;

return this.publishingTime == search_time ||

this.filmingTime == search_Time ||

this.recordingTime == search_Time;

}

If the application developer were building this application in PHP (for example), the source code might look like this:

$query = ‘function()

{

var search_time = ” .

$_GET[‘time’] . ”;’ .

‘return this.publishingTime == search_Time || ‘ .

this.filmingTime == search_Time || ‘ .

this.recordingTime == search_Time;}’;

$cursor = $collection->find(array(‘$where’ => $query));

This code uses the value of the request parameter “year” as the search
parameter. However, just as in a traditional SQL injection attack, since the query syntax is being constructed in an ad-hoc fashion  (i.e. query syntax concatenated along with user input), this code is vulnerable to a server-side JavaScript
injection attack. For example, this request would be an effective DoS attack against the system:
                  
                      http://server/app.php?year=1995′;while(1);var%20foo=’bar

credits : sql injection attacks and defence.

Pin It on Pinterest

Shares
Share This