Attacking MongoDB

1. MongoDB unauthorized access vulnerability Leaks MongoDB information Because the MongoDB runned without the option --auth. And the revealable information may cause a series of other security problem. Payload: var file = "data", lineReader = require("line-reader"), mongoose = require(''mongoose''); function conn (host, cb){ var url = ''mongodb://''…

Parse Tips

Test Setup Then to test if you can query your own Parse server run the following CURL command on your machine: curl -X GET \ -H "X-Parse-Application-Id: <appID>" \ -H "X-Parse-Master-Key: <masterKey>" \ -G \ http://<yourIpAddress>:1337/parse/classes/<yourClass>/<…

Local parse server setup step by step

create a project folder open terminal direct to your project folder run npm init run npm install parse-server run npm install express --save create app.js paste in example code from parse-server git page (https://github.com/ParsePlatform/pars...) modify cloud URL in ParseServer constructor run node app.js…