Web application security - the fast guide 1.1 | Page 125

Chapter 6 - Attack execution (2)
P a g e | 125
But this attack cannot be executed if we don’t know the names of tables and
columns so we can try to inject the following (as information_schema is
supported by ms sql and mysql)
SELECT table_name,column_name FROM information_schema.columns
where
column_name LIKE ‘%PASS%’
6.10 NO SQL injection
No SQL data base does not follow the same rules as the relational data bases
therefore it does not support SQL queries, the alternative in no SQL databases
differ depending on the database type. A list of common query methods includes:
 Key / value lookup
 XPath
 Direct usage of programming language like JavaScript
Injection in mongo DB:
Mongo db is one of the no sql databases that gained a wide popularity specially
with web application that focus on scalability.
No sql Injection is possible by inserting a value with special characters.
the following listing is php code that will create a Mongo DB instance and
retrieve an array containing the username and password.
Listing
$m = new Mongo();
$db = $m->cmsdb;
$collection = $db->user;
$js = “function() {
return this.username == ‘$username’ & this.password == ‘$password’; }”;
$obj = $collection->findOne(array(‘$where’ => $js));
if (isset($obj[“uid”]))