Identifying MongoDB injection vulnerabilities

You can identify MongoDB injection vulnerabilities with Acunetix 360.

As one of the most popular NoSQL database solutions, MongoDB stores data as documents with a JSON-like syntax (JavaScript Object Notation).

  • NoSQL is a general term covering databases that don’t use the SQL query language. NoSQL is used to refer to non-relational databases that are growing in popularity.
  • It stores different data models that are better suited for certain uses, such as documents, graphs, objects, and many more.

Acunetix 360 can test your MongoDB to identify injection vulnerabilities. Currently, Acunetix 360 supports Time-based detection and Error-based detection.

This table explains how to identify MongoDB Injection vulnerabilities.



All new security checks are added to scan policies if you already enabled more than 50 percent of the checks.

MongoDB fields

This table lists and explains the MongoDB injection fields on the New Scan Policy page.

Proof Character Limit

This specifies the character limit for generated proof. The default value is 5. Enter 0 to disable the character limit.

Proof Sharing

This specifies enabling or disabling the same proof across vulnerabilities. The default value is Yes.

Generate Proof

This specifies proof generation. The default value is Yes.

How to configure MongoDB Injection attacks in Acunetix 360
  1. Log in to Acunetix 360.
  2. From the main menu, select Policies > New Scan Policy.
  3. From the General tab, enter a name for your scan policy.
  4. From the Security Check tab, select the NoSQL Injection drop-down.

  1. Configure the MongoDB Injection (Blind) and MongoDB Injection (Error based) according to your needs.
  2. Select Save to save the scan policy.

You can now use this scan policy while launching a new scan. For further information, see Creating a new scan.


Click to view a sample report on MongoDB injection vulnerability detection.

« Back to the Acunetix Support Page