NoSQL Injection is a type of attack on NoSQL database management systems (DBMS). The attack exploits a vulnerability that allows the attacker to send arbitrary requests to the server. If the server responds to an erroneous or invalid query, the attacker will manipulate the query. Carrying out Blind NoSQL Injection is a complicated process. As a result, penetration testers often take a long time to obtain information and penetrate the database server. To address these problems, this research provides a solution by developing a tool that automates Blind NoSQL Injection attacks. The results indicate that the exploit tool enhances performance and efficiency. The binary search algorithm demonstrates a shorter runtime than linear search, making it the more effective choice. Additionally, the mitigation approach of sanitizing and validating the input for each object key has proven effective in preventing NoSQL Injection attacks.
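The mitigation named above, validating the input for each object key, can look like the following sketch. It is an added example, not code from the paper; the login schema, field names and sample request bodies are constructed assumptions.

```javascript
// Constructed schema for a hypothetical login endpoint: every accepted key
// is listed with the one primitive type and the limits its value must meet.
const LOGIN_SCHEMA = {
  username: { type: 'string', maxLength: 64, pattern: /^[A-Za-z0-9_.-]+$/ },
  password: { type: 'string', maxLength: 128 },
};

// Validate each key of the parsed body. Returns { ok, value, errors }.
// Objects and arrays are rejected wherever a primitive is expected, so an
// operator object can never be passed through into the database query.
function validateBody(body, schema) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, value: null, errors: ['body must be a JSON object'] };
  }
  const errors = [];
  const value = Object.create(null); // no inherited keys on the clean copy
  for (const key of Object.keys(body)) {
    if (!Object.prototype.hasOwnProperty.call(schema, key)) {
      errors.push(`unexpected key: ${key}`);
    }
  }
  for (const [key, rule] of Object.entries(schema)) {
    const v = body[key];
    if (typeof v !== rule.type) {
      errors.push(`${key}: expected ${rule.type}`);
    } else if (v.length === 0 || v.length > rule.maxLength) {
      errors.push(`${key}: length out of range`);
    } else if (rule.pattern && !rule.pattern.test(v)) {
      errors.push(`${key}: disallowed characters`);
    } else {
      value[key] = v; // only validated primitives are copied
    }
  }
  return errors.length
    ? { ok: false, value: null, errors }
    : { ok: true, value, errors };
}

// Constructed sample request bodies: one well-formed, three malformed.
const SAMPLES = [
  { username: 'alice', password: 'correct horse' },
  { username: 'alice', password: { $ne: null } },
  { username: { $regex: '^a' }, password: 'x' },
  { username: 'alice', password: 'x', $where: '1' },
];

function runSamples() {
  return SAMPLES.map((body) => validateBody(body, LOGIN_SCHEMA).ok);
}
console.log(runSamples()); // [ true, false, false, false ]
```

Only the `value` object returned on success should be used to build the query, never the original request body.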
Copyrights © 2023