John's Avatar


01 Aug, 2018 07:53 PM

Hello Arachni team. I have uncovered a Blind NoSQL Injection vulnerability in a popular website. However, it is in a cookie and I am not sure how to confirm if it is a false positive or not. I will disclose the html report with you guys if you can help, but I would like your word that the report and any information that has to do with it or this conversation is kept between us. I am running Kali Linux and have tried to use Live HTTP Headers to test the cookie, but I can't get it to work, or just don't know how. I am not trying to exploit the vulnerability, I just want to learn how to find out if it is a false positive or not. How does one check a cookie for Blind NoSQL injection? What should I be looking for? What tools should I use? These are some of the questions I have and an hoping you have the answers. Looking forward to your response!

  1. 1 Posted by John on 01 Aug, 2018 08:06 PM

    John's Avatar

    Also, since this is public can you shoot me an email with the response and we will take it from there? Thank you for your time, if anyone has any information otherwise feel free to post. Also, once we take it up in email is it possible that this thread be deleted.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:


Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac