So I started some little experiments on MongoDB to find out how can I execute few my own crafted queries in MongoDB query statements. It is not a how to do a manual to do NoSQL injection instead what I try to show is how putting the logical operator in pymongo queries can change the meaning of a MongoDB query statement.

So Enough talking let just start. for this, I created simple database users if you don’t know anything about NoSQL then please google I will not be explaining in this post.

let us sail through pictures.

1. Creating a Database.

2. General code for authentication (It could be different it solely depends on the developer)

3. Command Visualized.

4. Altered Command with a logical operator.

5.Final Outcome.

Observation.

A logical operator is a way to follow in getting NoSQL injection.