Digital Whisper

Digital Whisper
,58 2015
:
:
, .5Fingers-
Digital Whisper . Digital Whisper

. Digital Whisper/
. .
, , - editor@digitalwhisper.co.il

!58 .2015
, - "" ,
"" . - ,
.
, -
" , " . , ,13
, MS00-057- IIS
4 ,5- ( "The UNICODE bug"- ) , MS04-007
" "Kill-Bill .
MS01-033 -
" ,"Code Red MS02-039- " "SQL Slammer .
HeartBleed- ,ShellShock- ( ) , ,"
( , ,
, , ,)"Misfortune Cookie"-
, " " ,
, X ,
, " ,"In the Wild
, ,
-
-.
,
.
, ,

, , .

www.DigitalWhisper.co.il
,58 2015
, ,
, NSA-
. , . ,CISO
, -
. - ,
- .
-
,
-.
!
.

,58 2015
System Call Hooking
16
MongoDB-
29
45

,58 2015

( )

Malware & Vulnerability -

Research' . Misfortune
Cookie .
. .TR-069- ,
TR-069 .
, ,
.
,TR-069 ,)CPE WAN Management Protocol( CWMP
, ' CPE -
( .)Customer Premise Equipment 2004- ,Broadband Forum-
. ,
.
, , ,
.
, ,SOAP RPC XML , .HTTP
,CPE- session "Auto Configuration ( "ACS
,)Server . CPE- ,
, .
. , ACS-
. CPE- ,ACS-

,58 2015
( ) ,
DHCP , .
CPE- .ACS- CPE- Inform

, HTTP ,
. , ACS- .CPE-
, ,
firmware.
, ,
. , session ,
, .
.Connection Request HTTP
( CPE- URL- + ) . ,
ACS- ( !) . ""
HTTP , WAN- , Connection -
.Requests , ,7547 .

,58 2015
, .TR-069
WAN- 7574 .
, HTTP .
.ZMAP
ZMAP , 42- 1
' . , , , 7547
-IP- .IPv4- -IP 46,063,733 ( 1.18%).
, -
( HTTP )80 1.77% . ,
( :fun fact Connection Request .)30005
IPv4- , -IP- 7547
, HTTP . fingerprinting HTTP
"Server"-.HTTP headers-
.
?ROMPAGER
, ( -IP-)
.RomPager ,RomPager ,
. ,embedded HTTP server-
( ) RomPager . ,1996-
( .)5.4 -

,58 2015
98%- RomPager- RomPager -

,4.07/UPnP 1.0 RomPager- .
, RomPager "
.2002- , 11.3- 7547
... 80 2 .
80 WAN- ,
, 7547 .CWMP
" ?" . ,
,HTTP ,80 IP- . , "/"-
RomPager Authorization Required 401 realm- header-
( ,") , . 200-
.TP-LINK, D-Link, Huawei, ZTE, Edimax, ZyXEL :
.
:RomPager 4.07
TP-LINK W8961ND .,
firmware- , .ras
, - , .
- #1 firmware , .Binwalk-
( Binwalk- ) firmware-
. - bootloader-
. ( firmware- ) .
-resource ( ) .
, ,Binwalk .ZynOS- embedded ZyXEL
( ZyXEL .)RomPager ,
.ZynOS

,58 2015
. ,ZynOS
.RomPager 4.07
.
, .IDA- (ZynOS header-
" IDA ,)Binwalk , -
( mipsb32 " ) .
-opcode , IDA
. base address- , IDA
.data- ZynOS header-
, .0
, .
.
( , ) .
.
libc ( )strcpy, strcat.. (.)memmove, memcopy
- #2 libc- . binary diffing- libc
. RomPager-
, .

,58 2015
.
-struct :
Struct HttpHeader
{
Void * funcPtr
char * headerName
int size
}
-struct- header .HTTP

,
.
strncpy-
. , .
, sub-headers ( digest authorization
)HTTP strcpy- . ,
, ( ,
, ,HTTP headers-
600 ).
,
" " digest
. , username- 581-
. , .
- #3 :
,
. qemu .
, ,linux , . ,
, . ,
. JTAG ,
(
).
JTAG ,
,U-ART ,JTAG-

,58 2015
10
. .
, ( USB
, ) . BusPirate- .
RomPager :
,debug strings dump
bootloader- .

telnet
bootloader-
.

.
, -
instruction pointer (-mips- .)EPC - stack dump-
( , API-
) , callback-
. , callback-
, IDA , offset-.

,58 2015
11
- #4 code exploration- ,
. elf- ,exe IDA
, ( ).
, callback- ,0 .
.
, . instruction pointer-
. ,
shellcode- , "" .
. RomPager 4.07
. , ,
( ) ,
. - .
,
. ,
.
,EPC-
sub-headers ( digest authorization-
,)strcpy- HTTP . ,
() , ,80
.
:
,Misfortune Cookie
.HTTP-
, , ,
.
RomPager ,embedded ,
( )10 .,

,58 2015
12
,C0,C1C9 : ,C0 - C1 ,
, .C9 40.
mips (
branch- ):
- s0 Cookie-( HTTP header- ")"C3=abcd\r\n
- v0
( this - s4 , )0x6b28
FindTokenDelimiter "="
- FindCookieEnd
,mips- C ( ):
)void ParseCookie(Request * request, char * name, char * value
{
)'if (name[0] == 'C
{
;)int index = atoi(name+1

,58 2015
13
;)strncpy(request->CookieArray[index],value,40
}
}
. ,
C1234 HTTP- :
)this->CookieArray + (1234* 40
. , ""
( " )" C-300 . ,
.

, ,
, . ,
,RomPager " index"
.RomPager 4.07
? , ,RomPager
, admin panel-
( .) 7547 ,
, .
, ?RomPager
. -chipset- -
( Trendchip Trendchip .)MediaTek Allegro- RomPager- ,2002- ZynOS-
,Zyxel- SDK- .chipset-
, ,
.
,RomPager- AllegroSoft .
( 2005- )4.34 ,
.

,58 2015
14
-chipset- , (,TP-Link
Dlink) , .
,
, ,
.
,

: ,DDOS NAT- .LAN-
,
.
, .
.
\ :#5
,)4.34( RomPager .
,elf .private symbols ,
. ,binary diffing
,
RomPager . ,
.RomPager

Malware & Vulnerability- ' . , ,
lioro@checkpoint.com -
, Malware & Vulnerability' , .

,58 2015
15
System Call Hooking

Hooking
( Neurevt Betabot- - )Carberp- . System -
Call Windows Hook- . -
.Git Repository
?Hooking
Hooking- Digital Whisper- Zerith 10
IAT Hooking ,18 Hooking-
.
Inline Hooking- -
Windows API "" ( )Function Prologue 5
:
MOV EDI, EDI
PUSH ESP
MOV EBP, ESP
8B FF:
55:
8B EC:
, Inline Hooking- ""

( JMP 5) . ,
.
[ ]newgre.net-
System Call Hooking

,58 2015
16
,
.
,
. , :
:Windows
Windows ,
User Mode : ,Kernel Mode- Ring3 Ring0- .
User Mode- ( ) .Kernel Mode-
( )
.Kernel Mode-
?
() CreateFileA . User -
,Mode , , Ntfs.sys
?Kernel Mode- ,System Call-
,
User-Mode .
System
,Service Dispatch Table
.
: SSDT ,Windows- ,Native

GUI Microsoft IIS .
spud.sys .
" .SSDT-
SSDT- ntoskrnl.exe
, ntdll!NtCreateFile
.ntoskrnl!NtCreateFile-
System Call Hooking

,58 2015
17
System Calls
( )Windows API User Mode
.System Calls : ( NtTerminateProcess, NtCreateMutant')
Windows-
( NtCreateFile .)Ntfs.sys
Windows 2000 :
MOV EAX, SyscallNumber
]LEA EDX, [ESP+4
INT 2Eh
)RETN 4 * (Number of Arguments
1.
2.
3.
4.
.1 EAX .
.2 EDX .
.3 2E .
.4 .
,Windows XP- :
MOV EAX, SyscallNumber
MOV EDX, 7FFE0300h ; EDX = SystemCallStub
]CALL DWORD PTR [EDX
RETN 8
1.
2.
3.
4.
.1 EAX .
.2 EDX 03000x7FFe0 SharedUserData!SystemCallStub :
.KiFastSystemCall-
.3 ( EDX- )ntdll!KiFastSystemCall-
.4 .
?KiFastSystemCall-
1. MOV EDX, ESP
2. SYSTENTER
3. RETN
.1 EDX- .
.2 SYSENTER .
.3 .
System Call Hooking
,58 2015
18
?SYSENTER
, Windows XP- Ring3- Ring0- -
.SYSENTER/SYSEXIT
:Intel IA-32 (64) Programming Manual
"Executes a fast call to a level 0 system procedure or routine. SYSENTER is a companion
instruction to SYSEXIT.
The instruction is optimized to provide the maximum performance for system calls from user
code running at privilege level 3 to
"operating system or executive procedures running at privilege level 0.
- Intel IA-32 (64) programming manual, volume 2B.
Privilege Levels-.
SYSENTER ?INT 2E- INT 2E-
Windows (.)Interrupts
Interrupt Descriptor Table
( Interrupt Service Routines- ) .
INT 2E , 2E IDT- Global -
Descriptor Table ( , Windows
).
, System Call (
" .) L1 Cache- , SYSENTER
(
).
System Call Hooking

,58 2015
19
,System Calls- :
.1 /INT 2E .SYSENTER
.2 nt!KiFastCallEntry ( nt!KiSystemService-
)
,KiSystemService .3 , EAX- SSDT-
.
- .OSR Online
System Call Hooking

, ( Carberp-
KiFastSystemCall ) ( Neurevt-' ,') .
, ,Windows- Hook?
System Calling ,
Hooking- ,SSDT-
Hooking SSDT-
KiSystemService
.
System Call Hooking

,58 2015
20
, ( SSDT Hooking) :
.1
, SSDT- ntoskrnl.exe ,
.
.2 -
64 Windows ( Patchguard
(.
.3
- .
User Land- ,Hook- Hooking-

( ,ntoskrnl hooking ') .
Kernel Mode .User Land-
( )User Land .Hook-
System Calls- . , .KiFastSystemCall-
. - .NtTerminateProcess
: , IDA .ntdll.dll Exports-
.NtTerminateProcess- ntdll Process -
Options .Debugger Application ""C:\Windows\system32\rundll32.exe
Parameters " ."NtTerminateProcess ntdll- -
rundll32 DLL DLL . ,
Breakpoint NtTerminateProcess.
System Call Hooking

,58 2015
21
, ZwTerminateProcess ntdll- . -
SystemCallStub KiFastSystemCall- . -
Hook KiFastSystemCall- .
KiFastSystemCall- ( )8B D4 0F 34
( C3) RETN ( )JMP
( System Call- .)RETN
ntdll KiFastSystemCall
( KiFastSystemCallRet )RETN ( KiIntSystemCall
System Call- Windows 2000 )
)!( 11 .
( SHORT JMP 2 127 ) -
]( [KiFastSystemCallRet+1 , )KiFastSystemCallRet
. Betabot- , Dump
Explorer.exe :Neurevt-
System Call Hooking

,58 2015
22
Neurevt KiFastSystemCall- KiFastSystemCallRet+1- :

PUSH 7FF3F524h
RET
.1 .0x7FF3F524
.2 ( 0x7FF3F524 RET
).
PUSH/RET- JMP-
.JMP
, , . ,
, .
Writing some code

RadAsm- MASM- .
(" ,).exe :
. .
. .
, .
.
(
).
:
; 80386 processor nonprivileged instructions
; STDCALL calling convention, flat memory arrangement
; Case sensitive
.386
.model flat,stdcall
option casemap:none
VirtualProtect Kernel32-
, Kernel32.
; Add kernel32 definitions
; Link against kernel32.lib
include kernel32.inc
includelib kernel32.lib
System Call Hooking

,58 2015
23
:Data Section
.data
oldProtection dd ?
; For VirtualProtect()
arrayOfEvil DWORD 149h DUP (0), offset newNtSetInformationFile , 40h DUP (0);
Place hooks here by Syscall numbers
KiFastSystemCall : EAX- ,
.code ; Start of code section
start:
mov esi, 07FFE0300h
lodsd
call changeProtection
; ESI = SharedUserData!SystemCallStub
; EAX = KiFastSystemCall
- .VirtualProtect- changeProtection
. VirtualProtect- ,Write KiFastSystemCallRet
changeProtection:
push eax
; Save KiFastSystemCall addr
push offset oldProtection
push 40h
; PAGE_EXECUTE_READWRITE
push 6
; [KiIntSystemCall - KiFastSystemCall]
push eax
call VirtualProtect
; VirutalProtect((void
*)KiFastSystemCall, 6,
PAGE_EXECUTE_READWRITE, &oldProtection)
pop eax
; EAX = KiFastSystemCall addr
retn
EAX EDX
.
1. mov edx, 03EBh ; 0xEB03 =
2. mov [eax], edx
JMP SHORT 3 bytes
.KiFastSystemCall EDX- .1
.) 3 ( EDX- KiFastSystemCall .2
PUSH/RET- Neurevt-
:KiFastSystemCallRet
1. lea eax, [eax + 5]
mov dl, 68h
mov [eax], dl
; EAX = [KiFastSystemCallRet + 1]
; 0x68 = PUSH
; [KiFastSystemCallRet + 1] = PUSH
System Call Hooking

24
2015 ,58
2. inc eax
]; EAX = [KiFastSystemCallRet + 2
mov edx, offset evilCode ; EDX = pointer to our trap
mov [eax], edx
; Now [KiFastSystemCallRet + 1] = PUSH offset
evilCode
]3. lea eax, [eax + 4
]; EAX = [KiFastSystemCallRet + 6
mov dl, 0C3h
; 0xC3 = RET
mov [eax], dl
; [KiFastSystemCallRet + 6] = RETN
.1 - KiFastSysetmCallRet 11
( .)PUSH/RET EAX .
.2 ( PUSH- 0x68 ).
.3 0x68 -Hook- .
.4 PUSH- .RETN
evilCode- .
arrayOfEvil Syscall- .Hook
. Hook -
Hook , .
Hooks , .
hook ( NtSetInformationFile- 0x149 )Windows 7-
, 0x149
.NtSetInformationFile
evilCode:
1. mov ecx, offset arrayOfEvil
]2. lea ecx, [ecx + eax * 4
]3. mov ebx, [ecx
4. cmp ebx, 0
5. jz origKiFastSystemCall
6. jmp ebx
.1 ECX- .
.2 .
.3 EBX- .
.4 .
.5 , , .
.6 , EBX- Hook-.
System Call Hooking
,58 2015
25
, Hook- . System Call ,

. ,
DeleteFile- Native API ,DeleteFile Windows API
.
NtSetInformationFile ( ) NtDeleteFile-
:
NTSTATUS NtSetInformationFile(
IN HANDLE
FileHandle,
OUT PIO_STATUS_BLOCK
IoStatusBlock,
IN PVOID
FileInformation,
IN ULONG
Length,
IN FILE_INFORMATION_CLASS FileInformationClass
);
].undocumented.ntinternals.net-[
.FILE_INFORMATION_CLASS
( 0xD ,
BOOLEAN ) FILE_DISPOSITION_INFORMATION
:
newNtSetInformationFile:
1. Pushad
2. mov edi, [esp + 38h]
3. cmp edi, 0Dh
4. jnz callRealKiFastSystemCall
xor edi, edi
5. mov ebx, [esp + 30h]
6. mov [ebx], dl
7. callRealKiFastSystemCall:
8. popad
9. jmp origKiFastSystemCall
; 0xD = FileDispositionInformation
; EBX = (VOID *)dispositionInfo

; dispositionInfo.DeleteFile = 0 (FALSE)
. General Purpose Registers- .1

FILE_INFORMATION_CLASS. EDI- .2
?FILE_DISPOSITION_INFORMATION FILE_INFORMATION_CLASS .3
. , , .4
. Struct EBX- .5
.FALSE .6
. General Purpose Registers- .7
System Call Hooking
26
2015 ,58
Hook- :DeleteFile-
push offset fileToDelete
call DeleteFile
; Will call NtSetInformationFile
retn
.):
KiFastSystemCall System Calls-:
; SYSENTER
origKiFastSystemCall:
mov edx, esp
dw 340fh
retn
end start
'

KiFastSystemCall- KiIntSystemCall 7.
, KiIntSystemCall- ?
STD( CLD- )Direction-
.KiIntSystemCall- KiIntSystemCall
STD Direction Flag- KiFastSystemCall- CLD
( ]1+KiIntSystemCall[- .)STD-
, CLD, STD
:]1+KiIntSystemCall[-
; 0xFC = CLD, 0xEB0F JMP SHORT 0xE bytes
; EAX = KiIntSystemCall
; 0xFD = STD
edx, 0EEBFCh
[eax], edx
eax, [eax + 10h
dl, 0FDh
[eax], dl
System Call Hooking

,58 2015
27
mov
mov
lea
mov
mov
Direction Flag- :
Pushfd
pop edx
bt edx, 0Ah
; CF = DF
jc origKiIntSystemCall
mov ecx, offset arrayOfEvil
]lea ecx, [ecx + eax * 4
]mov edx, [ecx
cmp edx, 0
jz origKiFastSystemCall
jmp edx
1.
2.
3.
4.
.1 EFLAGS-.
.2 .EDX
.3 ( )Direction Flag- .Carry Flag-
.4 Carry Flag- , ,KiIntSystemCall- .origKiIntSystemCall-
.Git
Ring3 Rootkits
.

" " , Kernel- ,User Mode- User
Mode .
Hypervisor rootkits UEFI bootkits-
, .
shahakshalev@gmail.com Git-
.
System Call Hooking

,58 2015
28
MongoDB-
5Fingers
,
. 1970 . ) (Edgar F. Codd
IBM ,
.
:
" ,
- ".
.BIG DATA
() ,BIG DATA
BIG DATA- .
- ?
/ ( )Relational Database
"" ( )
.
. , ,
. SQL .
.
-MongoDB
,58 2015
29
[ ' :1 ]
, :
/ ,,
, , ' . ,
, = .
.
[ ' :2 ]
-MongoDB
,58 2015
30
, , '
, ,
,
' ' /
.
, ( ) (MS-SQL ,Oracle
') :
( )Accessibility ( )
()Data Security
( )
, ()Duplications
()Data Integrity
()Parallel
()Distributed
( ///)
(:)Complexity
- Oracle, Microsoft, IBM - .
(:)Performance
: ,.
(.)Time-Critical
:
, , , .
:
.
.
,
. ( (SQL .
.Scaling NoSQL
.
-MongoDB
,58 2015
31
- BIG DATA
,BIG DATA-
- .BIG DATA
-
- ( )petabyte , '.
- , '
'
.
-

.
NoSQLBIG DATA-

. .
SQL , ,
,constraints Stored Procedures , .
Scale-.
-MongoDB
,58 2015
32
NoSQL ,Not Only SQL ,

, , / .
, NoSQL .
' :
- Elastic scaling scale out .
( - )structured and unstructured data

.
-
NoSQL ( )redundancy.
NoSQL / .
.
NoSQL:
Key-Value-DB
Column-DB
Document-DB
Graph-DB
Object-DB
Document Oriented DB
, , ,
( .)unstructured data .NoSQL
, ,
. " JSON ,YAML ,XML ,BSON- PDF
,Microsoft Office - Word, Excel .
:
/ :
. (
)20 ( , = 20)
: 10 . - .
-MongoDB
,58 2015
33
OK , ?
- SQL Injection " '90
, . SQL
" . .
, ( SQL
) .
.
?NoSQL = No Injection
mongoDB .MongoDB : ( open
)source .Document Oriented mongoDB
' ' ( .Key-Value
).
MongoDB JSON ,BSON
. , MongoDB ,
,SQL :
[ " "Making Mongo Cry: NoSQL for Penetration Testers ]Russell Butturini
-MongoDB
,58 2015
34
, mongoDB- () () .
().
, .
NoSQL Injection :MongoDB
DB-
" SQL :
'SELECT * FROM users WHERE username = '$username' AND password = '$password
, ' or '1'='1' -- username-

:
'' = SELECT * FROM users WHERE username = ' ' or '1'='1' -- AND password
MongoDB- .
,mongo :
;)}db.users.find({username: username, password: password
: collection- users username- password-.

.
SQL . mongoDB
, find where
clause :SQL
) } } ] 'db.users.find( { username: { $in: [ 'root, 'admin
' " username- root- .admin-

, .
:
username username="root'})//" :
;)}db.users.find({username: 'root'}) //,password: password
" username password-

.password
-MongoDB
,58 2015
35
]http://www.somethingofthatilk.com/index.php?id=271 :[
-MongoDB
36
2015 ,58
:MongoDB
- Default Ports .1 MongoDB- ' :
- 27017 mongod .mongos- ( )service MongoDB

" port : --port " .
(:)etc/mongodb.conf/
- 27018 --shardsvr :
- 27019 --configsvr :
- 28017 ( ) .
, ,
( - )2 , Shodan- 51,451
:
-MongoDB
,58 2015
37
- Authentication Weakness .2 .
mongoDB
. RDBMS
. ,
,':
Mika / ! ( .digitalwhisper
.)read , ( )
,auth
" .# .
-MongoDB
,58 2015
38
- Authorization Weaknesses .3 .
.
.Admin ,
( admin/) .
.4 - Clear Text ,
ARP Poisoning MITM :
-MongoDB
,58 2015
39
.5 - .mongoDB- mongoDB-
GridFS /data/db/ :
( C:\data\db .)WINDOWS
:
ps -xa | grep mongod
--dbpath- .
:
mongod --dbpath /usr/local/mongodb-data
./usr/local/mongodb-data :
( )mongoDB ,
?
Mongo mongos mongod ,--sslCAFile
, export.
mongoexport -d digitalwhisper -c MyData --out /usr/local/myRecords.json
-MongoDB
,58 2015
40
:NoSQLMap
NoSQLMap ) )Bernardo Damele
) )Miroslav Stampar .SQLMap
NoSQLMap NoSQL
.
.mongoDB- , .
Metasploit Framework .PyMongo- , :
mongoDB , ,
mongoDB .CouchDB- .
-MongoDB
,58 2015
41
, ( )1
:
IP- mongoDB NoSQLMap

web application mongoDB
, mongoDB .
, , , :
http://www.nosqlmap.net
.
-MongoDB
,58 2015
42
MongoDB .Metasploit-
" ,"MondoGB_Login :
use auxiliary/scanner/mongodb/mongodb_login
:
auxiliary- .
-MongoDB
,58 2015
43

NoSQL .
.
NoSQL
.
,MondoDB-
:
http://blog.mongodirector.com/10-tips-to-improve-your-mongodb-security/
Mongo-
.
-
, .
( )tisf , .
/
http://2012.zeronights.org/includes/docs/Firstov%20-%20Attacking%20MongoDB.pdf
http://blogs.adobe.com/security/files/2011/04/NoSQL-But-Even-Less-Security.pdf
https://www.youtube.com/watch?v=Cy8-EYS3HeM
https://media.blackhat.com/bh-us-11/Sullivan/BH_US_11_Sullivan_Server_Side_WP.pdf
http://blog.spiderlabs.com/2013/03/mongodb-security-weaknesses-in-a-typical-nosql-
database.html
http://blog.mongodirector.com/10-tips-to-improve-your-mongodb-security/
-MongoDB
,58 2015
44

58- ,Digital Whisper
- . , , ,
.
, , .
- Digital Whisper !
" " ,
, .editor@digitalwhisper.co.il
, , :
""Talkin' bout a revolution sounds like a whisper
.2015
,
,
31.01.2015

,58 2015
45

Digital Whisper

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Digital Whisper

Uploaded by

Copyright:

Available Formats

Digital Whisper

Digital Whisper . Digital Whisper

System Call Hooking

Malware & Vulnerability -

CPE- .ACS- CPE- Inform

98%- RomPager- RomPager -

-struct- header .HTTP

,debug strings dump

, Malware & Vulnerability' , .

System Call Hooking

, Inline Hooking- ""

System Call Hooking

: SSDT ,Windows- ,Native

System Call Hooking

System Call Hooking

System Call Hooking

System Call Hooking

User Land- ,Hook- Hooking-

System Call Hooking

System Call Hooking

Neurevt KiFastSystemCall- KiFastSystemCallRet+1- :

Writing some code

System Call Hooking

JMP SHORT 3 bytes

System Call Hooking

, Hook- . System Call ,

; EBX = (VOID *)dispositionInfo

. General Purpose Registers- .1

; Will call NtSetInformationFile

System Call Hooking

System Call Hooking

NoSQL ,Not Only SQL ,

- Elastic scaling scale out .

( - )structured and unstructured data

, ' or '1'='1' -- username-

: collection- users username- password-.

' " username- root- .admin-

" username password-

- 27017 mongod .mongos- ( )service MongoDB

IP- mongoDB NoSQLMap

You might also like