MongoDB Injection

Description

This script is possibly vulnerable to MongoDB Injection attacks.

There are various types of attacks against MongoDB databases. Consult web references for more information about this vulnerability.

1) Request Injection Attacks
If you are passing $_GET parameters to your queries, make sure that they are cast to strings first. Users can insert associative arrays in GET requests, which could then become unwanted $-queries.

2) Script Injection Attacks
If you are using JavaScript, make sure that any variables that cross the PHP-to-JavaScript boundary are passed in the scope field of MongoCode, not interpolated into the JavaScript string.

Impact
The impact of this vulnerability varies depending on the affected application. In the more severe cases it's possible to bypass the user authentication or download arbitrary information from the database.

Recommendation
If you are passing $_GET/$_POST parameters to your queries, make sure that they are cast to strings first. If you are using JavaScript, make sure that any variables that cross the PHP-to-JavaScript boundary are passed in the scope field of MongoCode, not interpolated into the JavaScript string.
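The two recommendations above (string-casting request parameters, and binding values through the MongoCode scope) as an added PHP example; this is not code from the original description, and it assumes the legacy PHP "mongo" extension's MongoCollection and MongoCode classes.

```php
<?php
// Added example, not from the original page. Assumes the legacy PHP "mongo"
// extension (MongoCollection, MongoCode); the hardening pattern is the same
// idea under any driver: request values stay strings, JS values stay in scope.

// A request parameter may arrive as an array (PHP parses name[key]=value
// into an associative array), which the driver would pass through as an
// operator query. Reject arrays and cast everything else to a plain string.
function scalarParam(array $request, $name)
{
    if (!isset($request[$name]) || is_array($request[$name])) {
        return null;   // missing or array-valued: do not run the query at all
    }
    return (string) $request[$name];
}

// Vulnerable: the raw $_GET value is used as-is, so an array becomes a $-query.
function findUserUnsafe(MongoCollection $users, array $get)
{
    return $users->findOne(array('username' => $get['username']));
}

// Hardened: the value is a string, so only literal equality can be expressed.
// Password checking is deliberately not part of the query; verify the stored
// hash in PHP (e.g. password_verify) after the lookup returns.
function findUserSafe(MongoCollection $users, array $get)
{
    $username = scalarParam($get, 'username');
    if ($username === null) {
        return null;
    }
    return $users->findOne(array('username' => $username));
}

// Script injection: never build the JavaScript source from PHP strings.
// Bind the PHP value through the MongoCode scope so it is data, not code.
function countByStatusSafe(MongoCollection $orders, $status)
{
    $code = new MongoCode(
        'function () { return this.status === wanted; }',
        array('wanted' => (string) $status)   // bound as a value in scope
    );
    return $orders->find(array('$where' => $code))->count();
}
```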

References
PHP Manual MongoDB Security
How does MongoDB address SQL or Query injection?
Server-Side JavaScript Injection