Following my previous post on SSJI (Server Side JavaScript Injection), I received many questions requesting more details and techniques on how applications that use a big data back end may be vulnerable and If I could give some viable examples. I figured we could start with an login page authentication bypass that gives a very clear example to the problem.
more here...........http://blog.imperva.com/2014/10/nosql-ssji-authentication-bypass.html
more here...........http://blog.imperva.com/2014/10/nosql-ssji-authentication-bypass.html