NoSQL injection exploits the query languages of non-relational databases — MongoDB, CouchDB, DynamoDB, Redis. Unlike SQL injection, NoSQL injection typically involves: operator injection (using MongoDB operators like $gt, $ne, $regex in query parameters), JavaScript injection in MongoDB's server-side JavaScript evaluation, authentication bypass through operator manipulation, and data extraction through boolean-based or error-based techniques. Testing requires understanding the specific NoSQL database in use and its query syntax, as each database has different injection vectors.
Technical
NoSQL Injection: Attacking MongoDB, CouchDB, and Document Databases ສຳລັບວິສາຫະກິດລາວ
NoSQL databases are vulnerable to injection attacks different from SQL injection. Testing for operator injection and authentication bypass. Guidance for LA market.