SensePost
LightNews LightNews
banner
sensepost.com
SensePost
@sensepost.com
300 followers 16 following 19 posts
Work like hell,
Share all you know,
Abide by your handshake,
Have fun. - Dan Geer
Posts Replies Media Videos
sensepost.com
After identifying a mistake relating to NTLMv1 being enabled in the test environment, the blog has been updated with an errata section.
April 17, 2025 at 7:11 PM
sensepost.com
The first part can be found here bsky.app/profile/sens...
sensepost.com SensePost @sensepost.com · Mar 11
A look at some of the trickier NoSQL injection scenarios from Reino. With ways of manipulating the query to deal with pre/post conditions successfully sensepost.com/blog/2025/ge...

(v3 of this skeet because there's no edit button and I need a proof reader)
Syntax injection into the JSON query filter (New Stuff) In this case, the developers are using string concatenation, or more likely string interpolation to construct the query filter, before making it into a JSON object, and passing it to MongoDB. We can thus add in our own query conditions. This is a bit of a game changer from operator injection, since we can now query on the fields we want, instead of being stuck inside an existing field.
March 15, 2025 at 4:11 PM
sensepost.com
The second part just went up bsky.app/profile/sens...
sensepost.com SensePost @sensepost.com · Mar 15
Reino takes his NoSQL injection series a bit further with (maybe) new techniques for more efficient error based NoSQL injections in this follow up post: sensepost.com/blog/2025/no...
NoSQL error-based injection Reading time ~6 min Posted by Reino Mostert on 15 March 2025 Categories: Database, Nosql injection, Injection, Nosql TL;DR How to do NoSQL error-based injection In this second blog post on NoSQL injection, I discuss how to do error-based injection. I think this might be a novel approach – at least my Google search-fu isn’t finding anything.
March 15, 2025 at 4:11 PM