From 7f8fab893555254f03da48f725b9189108625f23 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Jun 2025 21:06:50 +0000 Subject: [PATCH 1/4] Bump requests from 2.20.0 to 2.32.4 Bumps [requests](https://github.com/psf/requests) from 2.20.0 to 2.32.4. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.20.0...v2.32.4) --- updated-dependencies: - dependency-name: requests dependency-version: 2.32.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index b3503f3..bbf747d 100644
--- a/setup.py
+++ b/setup.py
@@ -16,7 +16,7 @@
 install_requires = [ "CouchDB==1.0", "httplib2==0.19.0", "ipcalc==1.1.3",\
 "NoSQLMap==0.7", "pbkdf2==1.3", "pymongo==2.7.2",\
- "requests==2.20.0"],
+ "requests==2.32.4"],
 author = "tcstool",
 author_email = "codingo@protonmail.com",
From cc4fa55f08b83716294cfe4f8f963dcbcd0e37d9 Mon Sep 17 00:00:00 2001
From: Dan Kegel Date: Thu, 19 Feb 2026 12:57:12 -0800 Subject: [PATCH 2/4] Fix overeager requests update incompatible with python 2.7 Python 2.7 was very sad with dependabot's change. Fixed! Also three docker improvements: - Make development easier with docker by using the files from the current directory instead of checking out a fresh copy. This clutters the top level directory a bit, but it feels like a good tradeoff. - Have the docker app listen on port 8080 by default, as fiddling with port 80 is a bit scary - Have the docker app accept commandline parameters And, finally, a README.md improvement: - Show an example script to tickle three vulnerabilities in vuln_apps --- docker/Dockerfile => Dockerfile | 7 ++- README.md | 45 ++++++++++++++++++- .../docker-compose.yml => docker-compose.yml | 0 docker/entrypoint.sh | 2 - entrypoint.sh | 2 + setup.py | 2 +- vuln_apps/docker-compose.yml | 2 +- 7 files changed, 50 insertions(+), 10 deletions(-) rename docker/Dockerfile => Dockerfile (71%) rename docker/docker-compose.yml => docker-compose.yml (100%) delete mode 100644 docker/entrypoint.sh create mode 100644 entrypoint.sh
diff --git a/docker/Dockerfile b/Dockerfile
similarity index 71%
rename from docker/Dockerfile
rename to Dockerfile
index 6ff83f2..3c46d8d 100644
--- a/docker/Dockerfile
+++ b/Dockerfile
@@ -4,13 +4,12 @@ RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.9/main' >> /etc/apk/repositori
 RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.9/community' >> /etc/apk/repositories
 RUN apk update && apk add mongodb git
-RUN git clone https://github.com/codingo/NoSQLMap.git /root/NoSqlMap
-
-WORKDIR /root/NoSqlMap
+WORKDIR /work
+COPY . /work
 RUN python setup.py install
-RUN python -m pip install requests 'certifi<=2020.4.5.1'
+RUN python -m pip install 'requests<2.28' 'certifi<=2020.4.5.1'
 COPY entrypoint.sh /tmp/entrypoint.sh
 RUN chmod +x /tmp/entrypoint.sh
diff --git a/README.md b/README.md
index 50abb20..1aa3b47 100644
--- a/README.md
+++ b/README.md
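Review bot: `COPY . /work` in the Dockerfile hunk copies the entire build context into an image layer, so whatever sits in the working tree at build time (the `.git` directory, local credential or `.env` files, scan output, the `vuln_apps` sources) ships with the image whenever it is pushed or shared. No `.dockerignore` is added by this patch; unless one exists elsewhere in the repository, add one that excludes at least `.git`, `vuln_apps/` and local secret files, or narrow the copy to the files `setup.py` installs. The context line `COPY entrypoint.sh /tmp/entrypoint.sh` is now a second copy of a file that `COPY . /work` already brings in.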
@@ -46,7 +46,7 @@ There are some various other libraries required that a normal Python installatio
 python setup.py install
 ```
-Alternatively you can build a Docker image by changing to the docker directory and entering:
+Alternatively you can build a Docker image by entering:
 ```
 docker build -t nosqlmap .
@@ -102,4 +102,45 @@ This repo also includes an intentionally vulnerable web application to test NoSQ
 docker-compose build && docker-compose up
 ```
-Once that is complete, you should be able to access the vulnerable application by visiting: https://127.0.0.1/index.html
+Once that is complete, you should be able to access the vulnerable application by visiting: https://127.0.0.1:8080/index.html
+
+## Scripting
+
+The cli can also be scripted. Here's an example script using NoSQLMap to detect the vulnerabilities in vuln_apps:
+
+```
+$ echo "1. Account Lookup (acct.php)"
+$ docker-compose run --remove-orphans nosqlmap \
+ --attack 2 \
+ --victim host.docker.internal \
+ --webPort 8080 \
+ --uri "/acct.php?acctid=test" \
+ --httpMethod GET \
+ --params 1 \
+ --injectSize 4 \
+ --injectFormat 2 \
+ --doTimeAttack n
+
+$ echo "2. User Data Lookup (userdata.php) - JavaScript Injection"
+$ docker-compose run --remove-orphans nosqlmap \
+ --attack 2 \
+ --victim host.docker.internal \
+ --webPort 8080 \
+ --uri "/userdata.php?usersearch=test" \
+ --httpMethod GET \
+ --params 1 \
+ --injectSize 4 \
+ --injectFormat 2 \
+ --doTimeAttack n
+
+$ echo "3. Order Data Lookup (orderdata.php) - JavaScript Injection"
+$ docker-compose run --remove-orphans nosqlmap \
+ --attack 2 \
+ --victim host.docker.internal \
+ --webPort 8080 \
+ --uri "/orderdata.php?ordersearch=test" \
+ --httpMethod GET \
+ --params 1 \
+ --injectSize 4 \
+ --injectFormat 2 \
+ --doTimeAttack n
diff --git a/docker/docker-compose.yml b/docker-compose.yml
similarity index 100%
rename from docker/docker-compose.yml
rename to docker-compose.yml
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
deleted file mode 100644
index eb9b8b4..0000000
--- a/docker/entrypoint.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/ash
-python nosqlmap.py
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..1831ba8
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,2 @@
+#!/bin/ash
+python nosqlmap.py "$@"
diff --git a/setup.py b/setup.py
index bbf747d..1372457 100644
--- a/setup.py
+++ b/setup.py
@@ -16,7 +16,7 @@
 install_requires = [ "CouchDB==1.0", "httplib2==0.19.0", "ipcalc==1.1.3",\
 "NoSQLMap==0.7", "pbkdf2==1.3", "pymongo==2.7.2",\
- "requests==2.32.4"],
+ "requests<2.28"],
 author = "tcstool",
 author_email = "codingo@protonmail.com",
diff --git a/vuln_apps/docker-compose.yml b/vuln_apps/docker-compose.yml
index 468c294..32f0553 100644
--- a/vuln_apps/docker-compose.yml
+++ b/vuln_apps/docker-compose.yml
@@ -6,7 +6,7 @@ services:
 links:
 - php
 ports:
- - "80:80"
+ - "8080:80"
 volumes:
 - ./src:/usr/local/apache2/htdocs
 php:
From f460d29f8923afd85ee3779dd71ec3600865c688 Mon Sep 17 00:00:00 2001 From: Dan Kegel Date: Thu, 19 Feb 2026 14:58:34 -0800 Subject: [PATCH 3/4] vuln_apps: let user override ports if they like --- vuln_apps/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/vuln_apps/docker-compose.yml b/vuln_apps/docker-compose.yml
index 32f0553..3572ad4 100644
--- a/vuln_apps/docker-compose.yml
+++ b/vuln_apps/docker-compose.yml
@@ -6,14 +6,14 @@ services:
 links:
 - php
 ports:
- - "8080:80"
+ - "${NOSQLMAP_VULN_APPS_APACHE_PORT:-8080}:80"
 volumes:
 - ./src:/usr/local/apache2/htdocs
 php:
 container_name: php
 build: ./docker/php
 ports:
- - "9000:9000"
+ - "${NOSQLMAP_VULN_APPS_PHP_PORT:-9000}:9000"
 volumes:
 - ./src:/usr/local/apache2/htdocs
 working_dir: /usr/local/apache2/htdocs
@@ -24,4 +24,4 @@ services:
 MONGO_INITDB_ROOT_PASSWORD: prisma
 build: ./docker/mongo
 ports:
- - "27017:27017"
+ - "${NOSQLMAP_VULN_APPS_MONGO_PORT:-27017}:27017"
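Review bot: In the new `entrypoint.sh`, `python nosqlmap.py "$@"` starts Python as a child of ash, so the shell stays PID 1 in the container and the SIGTERM sent by `docker stop` is not forwarded to the tool. `exec python nosqlmap.py "$@"` replaces the shell with the Python process and keeps the argument pass-through exactly as written.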
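Review bot: `"requests<2.28"` in the patch 2/4 setup.py hunk has no lower bound and no interpreter marker, so an already-installed release older than the 2.20.0 pin this series started from satisfies it, and every install gives up the upstream fixes that motivated the bump to 2.32.4. If Python 2.7 is the only reason for the cap, scope it with an environment marker and a floor, `"requests>=2.20.0,<2.28; python_version < '3'"`, and, if the package is also installed on Python 3, add `"requests>=2.32.4; python_version >= '3.8'"`. The `pip install 'requests<2.28'` line in the Dockerfile hunk of the same patch carries the same open-ended range. The `setup(...)` call starts and ends outside the hunk.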
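Review bot: The mapping `"8080:80"` in the patch 2/4 hunk of vuln_apps/docker-compose.yml publishes the deliberately vulnerable Apache app on every host interface, so it is reachable from any network the host is attached to, not only from the local machine. Binding to loopback keeps the lab local: `- "127.0.0.1:8080:80"`. The three mappings rewritten in patch 3/4 (Apache, PHP on 9000, and MongoDB on 27017, whose root password `prisma` is visible in the context line) have the same exposure and would take the same `127.0.0.1:` prefix in front of the `${...}` port variable. On Linux hosts the README's `host.docker.internal` flow may need a bridge address instead, so the bind address could be made overridable the same way the ports are, with loopback as the default. The service definitions start outside these hunks.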
From 589a1ae97bc13a205332c32d2bea3f02c989a578 Mon Sep 17 00:00:00 2001 From: Dan Kegel Date: Thu, 19 Feb 2026 15:14:53 -0800 Subject: [PATCH 4/4] userdata.php: fix typo that broke demo. (Found by Claude.) --- vuln_apps/src/userdata.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vuln_apps/src/userdata.php b/vuln_apps/src/userdata.php index bf74313..11d1216 100644 --- a/vuln_apps/src/userdata.php +++ b/vuln_apps/src/userdata.php @@ -11,7 +11,7 @@ $conn = new MongoClient('mongodb://127.0.0.1'); $db = $conn->appUserData; $collection = $db->users; - $search = $_GET['usersearch']; + $usersearch = $_GET['usersearch']; $js = "function () { var query = '". $usersearch . "'; return this.username == query;}"; print $js; print '
'; @@ -45,4 +45,4 @@ - \ No newline at end of file +
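Review bot: With `$usersearch` now assigned, the `$js` line after it concatenates the raw `$_GET['usersearch']` value into server-side JavaScript and `print $js;` echoes it unescaped; that is the behaviour the demo depends on, but nothing in the hunk marks it as deliberate. A comment above the assignment, for example `// Intentionally vulnerable: request input is concatenated into a MongoDB JavaScript query for NoSQLMap testing.`, would keep a later cleanup from silently "fixing" the test target and keep the pattern from being copied into real code. The surrounding PHP block starts and ends outside the hunk.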