Normalize page header for JWT, LDAP, LaTeX, OAuth, ORM

NoSQL Injection/README.md

@@ -2,10 +2,11 @@
 
 > NoSQL databases provide looser consistency restrictions than traditional SQL databases. By requiring fewer relational constraints and consistency checks, NoSQL databases often offer performance and scaling benefits. Yet these databases are still potentially vulnerable to injection attacks, even if they aren't using the traditional SQL syntax.
 
+
 ## Summary
 
 * [Tools](#tools)
-* [Exploit](#exploits)
+* [Methodology](#methodology)
     * [Authentication Bypass](#authentication-bypass)
     * [Extract length information](#extract-length-information)
     * [Extract data information](#extract-data-information)
@@ -14,8 +15,10 @@
     * [POST with urlencoded body](#post-with-urlencoded-body)
     * [GET](#get)
 * [MongoDB Payloads](#mongodb-payloads)
+* [Labs](#references)
 * [References](#references)
 
+
 ## Tools
 
 * [codingo/NoSQLmap](https://github.com/codingo/NoSQLMap) - Automated NoSQL database enumeration and web application exploitation tool
@@ -23,7 +26,7 @@
 * [matrix/Burp-NoSQLiScanner](https://github.com/matrix/Burp-NoSQLiScanner) - This extension provides a way to discover NoSQL injection vulnerabilities. 
 
 
-## Exploit
+## Methodology
 
 ### Authentication Bypass
 
@@ -214,6 +217,12 @@ db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emi
 ```
 
 
+## Labs
+
+* [Root Me - NoSQL injection - Authentication](https://www.root-me.org/en/Challenges/Web-Server/NoSQL-injection-Authentication)
+* [Root Me - NoSQL injection - Blind](https://www.root-me.org/en/Challenges/Web-Server/NoSQL-injection-Blind)
+
+
 ## References
 
 - [Burp-NoSQLiScanner - matrix - January 30, 2021](https://github.com/matrix/Burp-NoSQLiScanner/blob/main/src/burp/BurpExtender.java)