Request Injection Attacks
If you are passing
A fairly innocuous example: suppose you are looking up a user's information
with the request http://www.example.com?username=bob.
Your application creates the query
Someone could subvert this by getting
http://www.example.com?username[$ne]=foo, which PHP
will magically turn into an associative array, turning your query into
This is a fairly easy attack to defend against: make sure $_GET and $_POST parameters are the type you expect before you send them to the database. PHP has the filter_var function to assist with this. Note that this type of attack can be used with any database interaction that locates a document, including updates, upserts, deletes, and findAndModify commands. See » the main documentation for more information about SQL-injection-like issues with MongoDB. |