Optimizing Blind NoSQL Injection Attacks Using the Binary Search Algorithm Approach


Roby Firnando Yusuf, Daniel Rudiaman Sijabat

Abstract

NoSQL Injection is one type of attack on NoSQL database management systems (DBMS). The attack exploits a vulnerability that allows an attacker to send arbitrary requests to the server. If the server responds differently to an erroneous or invalid query, the attacker can use that response to manipulate the query. Performing Blind NoSQL Injection by hand is complicated, so pentesters often need a long time to obtain information and penetrate the database server. Based on these problems, this research provides a solution by developing a tool that automates Blind NoSQL Injection attacks. The results indicate that the developed exploit tool improves performance and efficiency: the binary search algorithm shows a shorter runtime than linear search, making it the more effective choice. Additionally, the mitigation approach of sanitizing and validating the input for each key object has proven effective in preventing NoSQL Injection attacks.
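As an added illustration of the mitigation the abstract describes (sanitization and validation of the input for each key object), the following JavaScript is example code written for this page; it is not the authors' tool or their test application. The helper names (hasOperatorKey, rejectOperatorKeys, validateFields, buildLoginFilter, checkBody), the field rules and the sample request bodies are constructed assumptions. The code walks a parsed request body, rejects any key that would select a MongoDB query operator, and only admits validated strings into a login filter, so a client cannot turn an equality match into an operator expression.

```javascript
// Added example (not from the paper): validate each key of a request object
// before it is used to build a MongoDB filter. Helper names are hypothetical.

// Keys that start with "$" select query operators ($ne, $gt, $regex, ...)
// and keys containing "." address nested fields; neither should ever arrive
// from an untrusted client in a value position.
function hasOperatorKey(key) {
  return key.startsWith('$') || key.includes('.');
}

function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Recursively walk the input and throw on any operator-style key.
// Returns the same value when it is clean.
function rejectOperatorKeys(value, path = '') {
  if (Array.isArray(value)) {
    value.forEach((item, i) => rejectOperatorKeys(item, `${path}[${i}]`));
  } else if (isPlainObject(value)) {
    for (const [key, child] of Object.entries(value)) {
      if (hasOperatorKey(key)) {
        throw new Error(`operator-style key rejected at ${path || '<root>'}: ${key}`);
      }
      rejectOperatorKeys(child, path ? `${path}.${key}` : key);
    }
  }
  return value;
}

// Per-field validation: each expected field must be a string matching a
// conservative pattern. Objects, arrays and numbers are rejected, which
// closes the {"username": {"$ne": ""}} class of authentication bypass.
const FIELD_RULES = {
  username: /^[A-Za-z0-9_.-]{1,64}$/,
  password: /^[\x20-\x7E]{1,128}$/,
};

function validateFields(body, rules = FIELD_RULES) {
  if (!isPlainObject(body)) throw new Error('request body must be a JSON object');
  rejectOperatorKeys(body);
  const clean = {};
  for (const [field, pattern] of Object.entries(rules)) {
    const v = body[field];
    if (typeof v !== 'string' || !pattern.test(v)) {
      throw new Error(`invalid value for field "${field}"`);
    }
    clean[field] = v;
  }
  return clean;
}

// The filter is built only from validated strings and uses an explicit
// equality operator, so the client cannot change the shape of the query.
function buildLoginFilter(body) {
  const { username, password } = validateFields(body);
  return { username: { $eq: username }, password: { $eq: password } };
}

// Wrapper that reports accept/reject instead of throwing.
function checkBody(body) {
  try {
    return { ok: true, filter: buildLoginFilter(body) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample inputs: one benign login and two operator-injection
// shapes as a JSON body parser would deliver them.
const SAMPLES = [
  { username: 'alice', password: 'correct horse' },
  { username: { $ne: '' }, password: { $ne: '' } },
  { username: 'alice', password: { $regex: '^c' } },
];

for (const body of SAMPLES) {
  console.log(JSON.stringify(body), '=>', JSON.stringify(checkBody(body)));
}
```

The two checks are deliberately layered: rejectOperatorKeys catches operator keys anywhere in the object, including nested arrays, while validateFields enforces the expected type and pattern for every field the query will use, so an unexpected type is refused even if it carried no operator key.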

